David Collier-Brown
1998-Mar-23 12:50 UTC
e: Win NT Authorization problems... the *real* fix you are looking for.
You said: | 1) No sane administrator would want to defeat encrypted password by | allowing clear text passwords in the registry if they didn't have to. Actually that's MS doing a ``Fear Uncertainty and Doubt'' on us... in a previous life as a professional paranoid (security person), I got asked why Unix (including B2 Unix) didn't obfuscate passwords passing across the net. The answer is that the cost of obfuscating passwords was only a little less than encrypting, passwords and data both, and there weren't enough cycles available to encrypt the data. So encrypting passwords but no the data the passwords protected was a lov-value high-cost exercise. The MIT folks invented an elegant workaround, and encrypted a challenge to be decrypted by the password, but did so using (1) a dedicated fast server and (2) a willingness to let the client (and its user) sit and wait. Now that we **DO** have enough cycles to encrypt everything, I do. I use Skip (http://skip.incog.com/), even on my wife's PC. It's free and fast, and it encrypts everyting is an IPsec-oriented way. I used to refer to MS's scheme this as ``wearing steel glasses to protect your eyes in battle''. You still get killed by bullets to the heart, and never know when to duck! --dave (hmmn, didn't I just say that?) c-b -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | davecb@hobbes.ss.org, canada.sun.com M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb