Security Basics mailing list archives

RE: sshd for windows


From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 20 Jun 2003 12:02:53 -0700

From: "Depp, Dennis M." <deppdm () ornl gov>
NTLMv2 is an encryption method.  (Granted it is weak, but it still is
encrypted.)  By default, Microsoft Telnet uses NTLM to encrypt the
password.  This means the only client that can access the server is the
Microsoft telnet that comes with Windows 2000.  You can set up a Windows
2000 server with the default installation of telnet and see that the
password is encrypted.

OK, it looks like I was partially wrong, here's what Microsoft has to say:

----------------------------------------------------------------------------------------------------------------------------------------------
What’s NTLM?

NTLM (NT LanMan) is an authentication process that’s used by all members of the Windows NT family of products. Like its predecessor LanMan, NTLM uses a challenge/response process to prove the client’s identity without requiring that either a password or a hashed password be sent across the network.

How does challenge/response work?

When the authentication process begins, the user’s system (client) sends a login request to the telnet server. The server replies with a randomly generated “token” (or challenge) to the client. The client hashes the currently logged-on user’s cryptographically protected password with the challenge and sends the resulting “response” to the telnet server.

The telnet server receives the challenge-hashed response and compares it to what it knows to be the appropriate response. (The server takes a copy of the original token – which it generated – and hashes it against what it knows to be the user’s password hash from its own user account database.) If the received response matches the expected response, the user is successfully authenticated to the host.

Is my password being sent across the network during NTLM authentication?

No. NTLM authentication does not send the user’s password (or hashed representation of the password) across the network. Instead, NTLM authentication utilizes challenge/response mechanisms to ensure that the actual password never traverses the network.
----------------------------------------------------------------------------------------------------------------------------------------------

It's still nowhere near as secure as using SSH, but it's better than the plain text transmission I was talking about. I also did a packet capture test and confirmed this. Be warned however that this feature can be disabled, so you're not automatically safe.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Within every man beats a heart of darkness." --The Shadow
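The challenge/response exchange described in the quoted Microsoft text, modelled as an added example (this is illustrative code written for this archive page, not Microsoft's NTLM implementation and not the real NTLM wire format). It assumes a simplified scheme: SHA-256 stands in for the MD4-based NT hash, and HMAC-SHA256 stands in for the keyed hash NTLM applies to the challenge. The `TelnetServer` class, `run_exchange`, `secret_on_wire` and `replay_is_rejected` are names invented here. What it demonstrates is the property the quote claims (neither the password nor its hash appears in any message on the wire), plus two checks a defender cares about: a wrong password is rejected, and a captured response cannot be replayed against a fresh challenge.

```python
import hashlib
import hmac
import os

# Simplified model of NTLM-style challenge/response (assumption: SHA-256 and
# HMAC-SHA256 replace the MD4 NT hash and HMAC-MD5 of the real protocol).


def password_hash(password: str) -> bytes:
    """Server-side verifier derived from the password (stand-in for the NT hash).
    Real NTLM hashes the UTF-16LE password with MD4; SHA-256 is used here only
    so the example runs without the legacy MD4 provider."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def make_challenge() -> bytes:
    """Random 8-byte token, the size NTLM uses for its server challenge."""
    return os.urandom(8)


def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Keyed hash of the challenge under the password hash. Both client and
    server can compute this; only the challenge and the result cross the wire."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class TelnetServer:
    """Server side of the exchange: issues challenges and verifies responses
    against the password hashes in its own account database."""

    def __init__(self, accounts: dict):
        self.accounts = accounts      # username -> password_hash(...)
        self.pending = {}             # username -> outstanding challenge

    def login_request(self, username: str) -> bytes:
        challenge = make_challenge()
        self.pending[username] = challenge
        return challenge

    def verify(self, username: str, response: bytes) -> bool:
        # Each challenge is consumed once, so a captured response is useless later.
        challenge = self.pending.pop(username, None)
        if challenge is None or username not in self.accounts:
            return False
        expected = compute_response(self.accounts[username], challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(server: TelnetServer, username: str, password: str):
    """Client side of the exchange. Returns (authenticated, wire), where wire
    is every message a packet capture on the network would have seen."""
    wire = [username.encode()]                      # 1. login request
    challenge = server.login_request(username)
    wire.append(challenge)                          # 2. server's random token
    response = compute_response(password_hash(password), challenge)
    wire.append(response)                           # 3. challenge-hashed response
    return server.verify(username, response), wire


def secret_on_wire(wire, password: str) -> bool:
    """True if the password (either encoding) or its hash appears verbatim in
    any captured message; the quote claims this is never the case."""
    secrets = (password.encode(), password.encode("utf-16-le"),
               password_hash(password))
    return any(s in msg for msg in wire for s in secrets)


def replay_is_rejected(server: TelnetServer, username: str,
                       captured_response: bytes) -> bool:
    """Replaying a response captured from an earlier session against a fresh
    challenge must fail, because the challenge is random per login."""
    server.login_request(username)
    return not server.verify(username, captured_response)


if __name__ == "__main__":
    # Constructed sample account for the demonstration.
    srv = TelnetServer({"alice": password_hash("correct horse")})
    ok, capture = run_exchange(srv, "alice", "correct horse")
    print("authenticated:", ok)
    print("password or hash visible on wire:", secret_on_wire(capture, "correct horse"))
    print("replay rejected:", replay_is_rejected(srv, "alice", capture[2]))
```

Note what this model does not make safe: the server's verifier is a password-equivalent hash, and the session data after authentication is not protected at all, which is why the original poster's comparison with SSH still stands.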


