17 Dec
2003
17 Dec
'03
11:17 p.m.
Joel McNamara wrote:
Peter Gutmann has an interesting article in sci.crypt, demonstrating how weak Microsoft's encryption is with basic access control in Windows for Workgroups (I'm assuming Win95 uses the same algorithm). Essentially, he shows how a 32-bit key is created to be passed to RC4 for encrypting .PWL files. I think a t-shirt is definitely in order for this.
Further information on the method used by Windows NT (a challenge-response mechanism) can be found on the MSDN CD, or on the MS ftp site: PSS ID Number: Q102716. I'll mail the article to anyone that wants to see it (~11k). - Andy