Other Software > Developer's Corner

"NTLM 100% Broken Using Hashes Derived From Captures"

(1/1)

TaoPhoenix:
I'll leave this one to my betters:

"NTLM 100% Broken Using Hashes Derived From Captures"
http://it.slashdot.org/story/13/01/09/0047202/ntlm-100-broken-using-hashes-derived-from-captures

"Microsoft has posted a little guidance for those who need to turn off NTLM."
http://support.microsoft.com/kb/2793313
Systems that are affected in a default configuration are primarily at risk, such as systems that are running Microsoft Windows NT 4, Windows 2000, Windows XP, and Windows Server 2003. For example, by default, Windows XP and Windows Server 2003 both support NTLMv1 authentication.
To have us fix this problem for you, go to the "Fix it for me" section.

Fix this problem
Microsoft Fix it 50969

------------------

So how serious is this for ordinary home users? If I click "Fix it" will I suddenly lose my Wifi connection?

Stoic Joker:
What are the potential risks of enforcing NTLMv2?
All supported versions of the Windows operating system support NTLMv2. Windows NT 4.0 SP6a also supports NTLMv2.-Microsoft KB2793313
--- End quote ---

NT Local Machine (NTLM) authentication has nothing to do with your WiFi. It the mechanism used to authenticate Local Machine accounts over the wire. WiFi is just a Layer 1 media connection.

Strange that this is still an issue since forcing NTLMv2 was a recommended configuration for Windows 2000 way back when it was released. It was actually covered in several of the whitepapers then, that (apparently) nobody read.

f0dder:
How can anything regarding NTLMv1 be considered news? :D

Navigation

[0] Message Index