1995-11-30 - Re: Microsoft weak encryption

Header Data

From: Andy Brown <a.brown@nexor.co.uk>
To: cypherpunks@toad.com
Message Hash: b675dcce032ed68eb7de270e2b13078c6528ce201e354a8cb4ff654931060d09
Message ID: <30BC95AB.211E@nexor.co.uk>
Reply To: <199511291447.GAA19250@mail.eskimo.com>
UTC Datetime: 1995-11-30 11:55:02 UTC
Raw Date: Thu, 30 Nov 1995 19:55:02 +0800

Raw message

From: Andy Brown <a.brown@nexor.co.uk>
Date: Thu, 30 Nov 1995 19:55:02 +0800
To: cypherpunks@toad.com
Subject: Re: Microsoft weak encryption
In-Reply-To: <199511291447.GAA19250@mail.eskimo.com>
Message-ID: <30BC95AB.211E@nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


Joel McNamara wrote:

> Peter Gutmann has an interesting article in sci.crypt, demonstrating how
> weak Microsoft's encryption is with basic access control in Windows for
> Workgroups (I'm assuming Win95 uses the same algorithm).  Essentially, he
> shows how a 32-bit key is created to be passed to RC4 for encrypting .PWL
> files.  I think a t-shirt is definitely in order for this.

Further information on the method used by Windows NT (a challenge-response
mechanism) can be found on the MSDN CD, or on the MS ftp site:
PSS ID Number: Q102716.  I'll mail the article to anyone that wants to see
it (~11k).


- Andy





Thread