Re: Insecure Hash Algorithms (MD5) and NTLMv2

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Thu Nov 03 2005 - 16:06:00 EST


----- Original Message -----
From: "Ben Nagy" <ben@iagu.net>
To: "'Thierry Zoller'" <Thierry@sniff-em.com>
Cc: <pen-test@securityfocus.com>
Sent: Wednesday, November 02, 2005 5:33 AM
Subject: RE: Insecure Hash Algorithms (MD5) and NTLMv2

> Although I often find these kind of link-paste responses amusing, in this
> case I think it's rather specious.

Hi Ben-- It was just that sort of "link-paste" response that got this whole
thread started. The OP could not substantiate his statements technically,
so the responses become concatenated links to other non-substantiated
claims.

The important thing for readers to walk away with is that Microsoft is *not*
"dropping support for NTLMv2" as the OP claimed. Unfortunately, Howard's
quote of "banning MD5 in future code" was stretched by the OP into
"Microsoft drops support for NTLMv2." I wasn't so interested in trying to
correct the OP, as responses showed he couldn't tell the difference between
netlogon protocols and IPSec, but rather, I was trying to make sure that
other readers got better information.

While other protocols and components will continue to be developed, NTLMv2
will be supported for quite some time. That's really one of the cool
things about Vista- they are making higher level protocols more modular,
allowing customers to plug-in lower-level components to better suit their
needs.

Thanks.

T




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:07 EDT