Security 10748 Published by

Sysopt has posted an article called "How to Make Windows 2000 and NT 4 Passwords Uncrackable".



Windows 2000 also differs from NT by using Kerberos password authentication. Kerberos works by considering the password a private key and then gets a bit of information from the server, which is encrypted with the key and returned to the server. The server then checks the encyrpted information, and if it can decrypt it with the password, the user is authenticated. Thus, there is no way to get login information by sniffing for passwords and hashes over the network. Unfortunately, this works only with other Windows 2000 systems and within a Windows 2000-only environment. Unix has had Kerberos authentication capabilities for years, but some sections of the protocol that Microsoft used weren´t in the specifications, which made their implementation incompatible with all other Kerberos-capable systems.
Read more