http://www.codinghorror.com/blog/archives/000949.html : Rainbow Hash Cracking
Scary things, Rainbow Hashes; they're why the UNIX world came up with the idea of salting decades ago. Unfortunately, MS's LAN Manager team hadn't heard of that idea and, inertia being what it is, it seems that Windows Server 2003 still accepts that authentication:
Unfortunately, Windows servers are particularly vulnerable to rainbow table attack, due to unforgivably weak legacy Lan Manager hashes. I'm stunned that the legacy Lan Manager support "feature" is still enabled by default in Windows Server 2003. It's highly advisable that you disable Lan Manager hashes, particularly on Windows servers which happen to store domain credentials for every single user. It'd be an awful shame to inconvenience all your Windows 98 users, but I think the increase in security is worth it.
I'd say that putting Windows 98 users to any level of inconvenience would be worth it.
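Why salting blunts precomputed tables, as an added example that is not from the linked article: SHA-256 stands in for any unsalted hash (it is not the LAN Manager algorithm), PBKDF2 with a 16-byte random salt is an assumed choice of salted scheme, and the accounts and candidate list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "S3parate!"}
# Constructed candidate list standing in for what a precomputed table covers.
CANDIDATES = ["password", "letmein", "qwerty"]

def unsalted(password):
    # Stand-in for any unsalted scheme: same password, same digest, everywhere.
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt, iterations=100_000):
    # Assumed salted scheme: PBKDF2-HMAC-SHA256 keyed by a per-account salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_table(candidates):
    """Computed once, reusable against every unsalted credential store."""
    return {unsalted(p): p for p in candidates}

def store_unsalted(accounts):
    return {user: unsalted(pw) for user, pw in accounts.items()}

def store_salted(accounts):
    # A fresh random salt per account, stored next to the derived value.
    out = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        out[user] = (salt, salted(pw, salt))
    return out

def table_hits(table, store):
    """Accounts whose stored value appears in the precomputed table."""
    hits = {}
    for user, value in store.items():
        digest = value if isinstance(value, str) else value[1]
        if digest in table:
            hits[user] = table[digest]
    return hits

def verify(store, user, password):
    # Login still works: recompute with the stored salt, compare in constant time.
    salt, expected = store[user]
    return hmac.compare_digest(salted(password, salt), expected)

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    print("unsalted store, table hits:", table_hits(table, store_unsalted(ACCOUNTS)))
    print("salted store, table hits:  ", table_hits(table, store_salted(ACCOUNTS)))
```

In the unsalted store, alice and bob also share a digest, so one table entry exposes both; with per-account salts their stored values differ and the same table matches nothing.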