|
![](/i/fill.gif) |
On 10/18/2011 1:12, Invisible wrote:
> On 17/10/2011 07:10 PM, Darren New wrote:
>
>> Um, lots, yes. You think there haven't been any new internet protocols
>> since mid-1990's?
>
> Basically, yes?
http://www.ietf.org/download/rfc-index.txt
> Active Directory uses Kerberos authentication, but by default it still
> generates weak-arse LANMAN password hashes for backwards compatibility. So
> it doesn't matter how strong Kerberos may or may not be, because you can
> just attack LANMAN instead.
Well, unless you've installed one of the newer operating systems in the last
12 years, or changed the default.
> That's just one example of how backwards compatibility tends to completely
> ruin any attempt at security.
It's an example of how someone who knows the default is insecure and doesn't
need the backward compatibility hasn't yet changed their AD to use the more
secure hashing?
--
Darren New, San Diego CA, USA (PST)
How come I never get only one kudo?
Post a reply to this message
|
![](/i/fill.gif) |