-----BEGIN PGP SIGNED MESSAGE----- I have been instructed that it is not a bug fix; it is a "Functionality Enhancement." Please note headers before replying -- you're probably in a Bcc field. The patch for the problem we started discussing on November 1st is dated yesterday, but no one outside Microsoft appears to have seen it until today. pr/password.htm started forwarding to the patch distribution page some time between 2PM and 7:30PM Pacific Time today (yes, I had hit "reload"). http://www.microsoft.com/windows/software/mspwlupd.htm http://www.windows.microsoft.com/software/mspwlupd.htm Anyone who uses passwords for just about anything -- network servers, dialup networking, remote registry services -- should get this patch. For a rough start at a technical discussion of the problem that this patch is supposed to solve, see http://www.c2.org/hackmsoft/ or the gopher list archive below. The Web page says it uses a 128-bit key. Intriguing. Anyone seen the CJR, or is Microsoft exempt? Microsoft had told various people that the new security algorithm would be published in advance and reviewed by outside security experts, but I have not been able to verify this. This was supposed to affect Windows for Workgroups as well; anyone know anything about that? - -rich owner-win95netbugs@lists.stanford.edu ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/ gopher://quixote.stanford.edu/1m/win95netbugs http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMNENt43DXUbM57SdAQG4xwP9EqXu5wXBOfpThtEUikqngrQNpe7RGKSv FqNSlZnh6GKJff6zQnZ3GyH0lYU8Mg+ApJVmSeSxq3ApA5Oc+jTUW6B4RNm+bxfT YBSThGmGbNNt948E/7oyXJdYVtWhuAleQtU7LxKNJfXoQlO/R05cc8O0zj7EiBR+ 777AbiM201s= =K2IQ -----END PGP SIGNATURE-----