'NT case sensitive passwords'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    NT case sensitive passwords
From:       kaplan () bpa ! arizona ! edu (Ray Kaplan)
Date:       1995-07-30 17:47:48
[Download RAW message or body]

New thread spawned from Re: NT - cont

Just finishing a bit of research into how NT works inside for a book
chapter that compares OpenVMS, Digital UNIX, and NT security.  Is there a
reason to believe that the following is not still current?

Quoting from
DOCUMENT:Q102716  21-FEB-1995  [winnt]
TITLE   :User Authentication with Windows NT
PRODUCT :Microsoft Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:kbother kbfasttip
----------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT operating system version 3.1
 - Microsoft Windows NT Advanced Server version 3.1
----------------------------------------------------------------------
SUMMARY
=======
This article discusses the following aspects of user authentication:
 - Storage of the Passwords in the SAM Database
 - User Authentication by the MSV1_0 Authentication Package
 - Pass-Through Authentication

In the introductory paragraphs (paraphrased):
... the Lan Manager compatible passwor and the NT password are stored
doubly encrypted in the SAM database.

In the section on the Lan Mager compatible password:
"... The Lan Manager password ... is based on the original equipment
manufacturer (OEM) character set, not case sensitive (enforced by upper
casing before encryption, and up to 14 charaters long..."

In the section on NT passwords:
"... The Windows NT password is based on the Unicode character set, is
scase sensitive, and can be 128 characters long..."

You can ftp this article (and a ton of other stuff) from Microsoft.  Here is
where to find the aforementioned article:

        ftp://ftp.microsoft.com/bussys/winnt/kb/q102/7/16.txt

Also, Microsoft seems to have a HUGE www presence - check out:

        hppt://www.microsoft.com/

Impressive, me thinks.


RayK 8)                         Better Living Through Authentication
Ray Kaplan                        I usually only speak for myself
Security Services
P.O. Box 23210
Richfield, MN  55423
Phone / FAX (612) 861-7198
currently: kaplan@bpa.arizona.edu
But, as with everything else in life, this will change.
 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic