In article <199701140755.CAA04514@mail.intercon.com>,
Amanda Walker
(a) Server sends 8-byte challenge to client
(b) Client sends Microsoft NT authentication response to the server (take the password in Unicode form, do an MD4 hash, pad with 0s to 21 bytes, split into 3 7-byte groups, use these as DES keys to encrypt the challenge three times, send the 24-byte result as the response).
(c) If authentication fails, close the connection.
(d) If authentication succeeds, all subsequent traffic is encrypted with DES in CFB mode. Until April :), the DES key used is taken from the first 7 bytes of the MD4 hash of the password (after April, we expect to switch to Diffie-Hellman key exchange first, followed by a revised authentication handshake).
Some weaknesses:
- It doesn't resist dictionary attacks (no salt) when the attacker can make one active probe (forge a fixed challenge and get the client's response).
- It doesn't stop replay attacks (replay a fixed challenge, now the same DES key is used, so replay DES-encrypted session data).
- DES-encryption doesn't provide message authentication against active attacks; use a MAC too.
- You should use independent DES keys for each direction of the connection.
- Also the DES encryption key doesn't change for each connection. It should.
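
An added example, not part of the original thread or the product's code: it contrasts the static key of step (d) with keys derived per connection and per direction, plus a MAC on each record, as the last three weaknesses recommend. HMAC-SHA256 is a modern stand-in chosen for the sketch; the function names, labels, client nonce and the hash value are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the 16-byte MD4 password hash; not a real credential.
PASSWORD_HASH = bytes(range(16))
TAG_LEN = 32  # HMAC-SHA256 output size


def static_session_key(password_hash: bytes) -> bytes:
    """Key choice described in step (d): first 7 bytes of the hash, every connection."""
    return password_hash[:7]


def derive_keys(secret: bytes, server_challenge: bytes, client_nonce: bytes) -> dict:
    """Derive four independent keys bound to both sides' fresh values (hypothetical scheme)."""
    context = server_challenge + client_nonce  # fixed lengths (8 + 16), so unambiguous
    labels = ("c2s-enc", "s2c-enc", "c2s-mac", "s2c-mac")
    return {label: hmac.new(secret, label.encode() + b"\x00" + context,
                            hashlib.sha256).digest() for label in labels}


def _tag(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, seq.to_bytes(8, "big") + ciphertext, hashlib.sha256).digest()


def protect(mac_key: bytes, seq: int, ciphertext: bytes) -> bytes:
    """Append a MAC computed over the record's sequence number and ciphertext."""
    return ciphertext + _tag(mac_key, seq, ciphertext)


def verify(mac_key: bytes, seq: int, record: bytes) -> bool:
    """Constant-time tag check; False means the record must be dropped."""
    if len(record) < TAG_LEN:
        return False
    ciphertext, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(mac_key, seq, ciphertext))


def demo() -> dict:
    challenge = b"\x01" * 8  # constructed: the same server challenge on both connections
    first = derive_keys(PASSWORD_HASH, challenge, os.urandom(16))
    second = derive_keys(PASSWORD_HASH, challenge, os.urandom(16))
    record = protect(first["c2s-mac"], 0, b"constructed ciphertext")
    return {
        "static_key_repeats": static_session_key(PASSWORD_HASH) == PASSWORD_HASH[:7],
        "derived_keys_repeat": first == second,
        "directions_share_key": first["c2s-enc"] == first["s2c-enc"],
        "accepted_same_connection": verify(first["c2s-mac"], 0, record),
        "accepted_when_replayed": verify(second["c2s-mac"], 0, record),
        "accepted_when_modified": verify(first["c2s-mac"], 0, b"X" + record[1:]),
    }
```

Deriving keys from the password hash alone still leaves the dictionary-attack weakness in place; this sketch only addresses key reuse and message authentication.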