Security Basics mailing list archives

Re: sshd for windows


From: ktabic <lists () ktabic co uk>
Date: 22 Jun 2003 17:46:33 +0000


That's totally true, but worthless.  Authentication isn't the problem, it's 
the transmission that's in the clear, so now you're sending your login name 
and password in cleartext.  Sure, they're stored in NTLMv2 format at the 
other end, but what does that matter if they just put a sniffer on the wire?

NTLMv2 is not the storage method of passwords in Windows 2k/XP; that's
what the SAM and the Active Directory do. NTLMv2 is a challenge/response
authentication method.
When connecting to a Windows 2000 telnet server from the Windows
2000/XP telnet client, the authentication of the session is done via
NTLMv2. It goes like this:
Client: Opens a TCP port to the server and sends the username.
Server: Sends a random string of bytes to the client (called the
challenge).
Client: Prompts the user for the password (or just uses the user's password
hash), hashes the password, then uses the hash to encrypt the random
string of bytes. This encrypted string is sent back to the server. It is
called the response.
Server: Decrypts the received encrypted string of bytes, using the
official password hash that is stored on the server.
Server: If the decrypted random string of bytes matches the original
string of bytes that was sent to the client, the user is authentic. If
not, the password was wrong, and the rest of the connection is refused.
At no point in the authentication is the password itself sent in
plain text, nor is it sent in an encrypted form. All the
authentication is performed using hashes of the password as a key to
encrypt a random string.
The server itself doesn't need to know the user's password, just the
password hash, and that isn't sent from the client machine, but is
already stored on the server (or the ADS).

ktabic
-- 
Woot!
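An added illustration, not part of the original thread, of the exchange described in the post above: a simplified model in Python in which a keyed MAC stands in for "use the hash to encrypt the challenge" and the server recomputes the expected response instead of decrypting. This is a constructed toy, not the real NTLMv2 algorithm; the `wire` list records every message that crosses the network so the sniffer's view can be checked.

```python
import hashlib
import hmac
import os

# Constructed model of the challenge/response flow from the post.
# NOTE: not the real NTLMv2 algorithm; HMAC stands in for "encrypt the
# challenge with the password hash" and the server recomputes rather than decrypts.

def password_hash(password: str) -> bytes:
    """Hash the password; the server stores only this, never the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Client side: derive the response from the password hash and the challenge."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, accounts):
        # accounts: {username: password_hash}; a constructed sample account store
        self.accounts = accounts

    def new_challenge(self) -> bytes:
        return os.urandom(16)  # fresh random challenge per session

    def verify(self, username: str, challenge: bytes, response: bytes) -> bool:
        stored = self.accounts.get(username)
        if stored is None:
            return False
        expected = compute_response(stored, challenge)
        return hmac.compare_digest(expected, response)

def run_session(server: Server, username: str, password: str, wire: list) -> bool:
    """Run one exchange; `wire` collects (sender, label, bytes) for every message sent."""
    wire.append(("client", "username", username.encode("utf-8")))
    challenge = server.new_challenge()
    wire.append(("server", "challenge", challenge))
    response = compute_response(password_hash(password), challenge)
    wire.append(("client", "response", response))
    return server.verify(username, challenge, response)

def password_on_wire(wire: list, password: str) -> bool:
    """Sniffer's view: does the password or its hash appear in any captured message?"""
    secrets = (password.encode("utf-8"), password_hash(password))
    return any(s in payload for _, _, payload in wire for s in secrets)
```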

