At 02:04 PM 1/11/99 +0000, PetrieSmith, Edward wrote:
>
>The article that is worth looking at is:
>
>       How to Enable Strong Password Functionality in Windows NT
>(Article ID: Q161990)
>
>This covers the .dll included in SP2 that can enforce a *very severe*
>strong password. However, if anybody out there has information on how to
>write their own version of the .dll (API calls included within the .dll)
>I would be very grateful.

Pasted directly from the above KB article:
---
Passfilt.dll implements the following password policy: Passwords must be at
least six (6) characters long. Passwords must contain characters from at
least three (3) of the following four (4) classes:

English upper case letters              A, B, C, ... Z
English lower case letters              a, b, c, ... z
Westernized Arabic numerals             0, 1, 2, ... 9
Non-alphanumeric ("special characters") such as punctuation symbols

Passwords may not contain your user name or any part of your full name.
These requirements are hard-coded in the Passfilt.dll file and cannot be
changed through the user interface or registry. If you wish to raise or
lower these requirements, you must write your own .dll and implement it in
the same fashion as the Microsoft version that is available with Windows NT
4.0 Service Pack 2.
---

The problem with this is that if a user chooses a password containing
characters from the first 3 categories (upper case letters, lower case
letters, and numbers) *AND* LANMAN hashes are enabled (to allow Win95
clients to authenticate through the PDC, for instance), the entire
alpha-numeric key space can be brute-forced using l0phtcrack in a very
(relatively speaking) short period of time (~ 28 hours on a PII/300.)

BTW, does anyone know if turning off the LANMAN hashes in an all NT
environment is a viable option?  I thought I read something a few months
ago about someone who tried to do this on his all-NT network and the
absence of LANMAN authentication broke some of the services or programs he
was using on his NT servers.


Scott...

-------------------------------------------------------------------------
Scott N. Marks                  [EMAIL PROTECTED]
Manager, Information Systems            http://www.rstcorp.com
Reliable Software Technologies Corp.    703-404-9293
PGP: 5F9F 77CC 3177 4F42 8213  F45F A307 D4AA 7800 5D99
-------------------------------------------------------------------------
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
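
The interaction described in the message above, as an added example that is not part of the original post or the KB article: a check for the quoted Passfilt policy next to the LANMAN preprocessing (upper-case, pad to 14, split into two 7-character halves), showing that a password can pass the policy while both halves stay inside the 36-symbol alphanumeric space. The function names, the reading of "any part of your full name" as tokens of three or more characters, and the sample account are assumptions made for illustration.

```python
import string

def passfilt_accepts(password, user_name, full_name):
    """Policy as quoted from Q161990: 6+ chars, 3 of 4 classes, no name parts."""
    if len(password) < 6:
        return False
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),   # "special characters"
    ]
    if sum(classes) < 3:
        return False
    lowered = password.lower()
    # Assumption: "any part of your full name" means tokens of 3+ characters.
    parts = [user_name] + [t for t in full_name.split() if len(t) >= 3]
    return not any(p and p.lower() in lowered for p in parts)

def lm_halves(password):
    """LANMAN preprocessing: upper-case, pad/truncate to 14, split 7 + 7."""
    padded = password.upper()[:14].ljust(14, "\0")
    return padded[:7], padded[7:]

# After upper-casing, letters and digits collapse to 36 symbols.
ALNUM = set(string.ascii_uppercase + string.digits)

def lm_alnum_only(password):
    """True if every LM half lies inside the 36-symbol alphanumeric space."""
    return all(set(h.rstrip("\0")) <= ALNUM for h in lm_halves(password))

def alnum_half_keyspace(max_len=7):
    """Number of alphanumeric candidates for one half, lengths 1..max_len."""
    return sum(36 ** n for n in range(1, max_len + 1))

if __name__ == "__main__":
    # Constructed sample account and passwords.
    for pw in ("Winter99x", "Winter99!x", "winter99"):
        print(pw, passfilt_accepts(pw, "jdoe", "Jane Doe"),
              lm_halves(pw), lm_alnum_only(pw))
    print("candidates per alphanumeric half:", alnum_half_keyspace())
```

A site-specific filter could reject any password for which `lm_alnum_only` is true while LANMAN hashes remain enabled.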