Re: [Hampshire] Happy Happy Joy Joy

Author: Tony Whitmore
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Happy Happy Joy Joy
Andy Random wrote:
> On Sat, 22 Sep 2007, Vic wrote:
>> But you still need a Windows box to be the domain controller;
>> you can only control the domain if you downgrade the authentication to
>> NTLM (which is crap).
>
> Just to take this thread on another tangent what is so bad about NTLM,
> we have Linux boxes with Apache running that use NTLM auth in the office
> and it seems to work ok to me? Is this a performance/functionality issue
> or a technical/security one?


NTLM is very easy to brute force using tools easily available on the
internet. It's made easier because it stores an encrypted password in
two shorter halves. IME 75% of passwords are cracked in the first 5
minutes, 95% after the first half an hour or so.

AD can run in Mixed Mode which allows those machines capable of greater
security to use it, whilst those systems which aren't (NT4 servers, some
print servers or custom applications) still use NTLM.

Tony
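
As an added illustration (not part of the original post), this sketch shows why storing a password as two independently hashed 7-character halves shrinks the search space, and how a stored value can be classified in a password-storage audit. It assumes the scheme referred to is the LAN Manager (LM) hash format kept alongside NTLM and ASCII-only passwords; the function names and sample hash values are constructed for the example.

```python
# Added example: LM-style "two halves" storage and what it does to search space.
# Assumptions: ASCII passwords only; all function names are hypothetical.

# Well-known LM value produced when a 7-byte half is all NULs.
EMPTY_LM_HALF = "aad3b435b51404ee"

def lm_halves(password):
    """Return the two 7-byte blocks that are hashed independently, or None."""
    if len(password) > 14:
        return None  # longer passwords have no LM representation
    raw = password.upper().encode("ascii").ljust(14, b"\0")  # case is discarded
    return raw[:7], raw[7:]

def keyspace(alphabet, max_len):
    """Count candidate strings of length 1..max_len over `alphabet` symbols."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def work_comparison():
    """Worst-case guesses: two 7-char halves (69 symbols) vs one 14-char unit (95)."""
    split = 2 * keyspace(69, 7)   # printable ASCII minus lowercase, halves separate
    whole = keyspace(95, 14)      # full printable ASCII, hashed as one unit
    return split, whole

def audit_lm_hash(lm_hex):
    """Classify a stored 32-hex-digit LM value for a password-storage audit."""
    lm_hex = lm_hex.lower()
    if len(lm_hex) != 32 or any(c not in "0123456789abcdef" for c in lm_hex):
        raise ValueError("expected 32 hex digits")
    first, second = lm_hex[:16], lm_hex[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no LM hash stored (or blank password)"
    if second == EMPTY_LM_HALF:
        return "LM hash stored; password is 7 characters or fewer"
    return "LM hash stored; each half can be attacked on its own"

if __name__ == "__main__":
    print(lm_halves("Password123"))
    split, whole = work_comparison()
    print(f"split halves: {split:.2e} guesses, single 14-char unit: {whole:.2e}")
    # Constructed sample values, not taken from any real system.
    for sample in ("0123456789abcdef" + EMPTY_LM_HALF, EMPTY_LM_HALF * 2):
        print(sample, "->", audit_lm_hash(sample))
```

Any account whose stored value is not the empty LM value is a candidate for a password reset once LM hash storage has been disabled.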