Authentication 101
A good authentication process depend on two things:
- Authentication Protocol and,
- Authentication mechanism.
Authentication mechanism can be your user ID and password, smart card etc. In windows environment it’s usually your username and password.
The first three protocols (LM, NTLM and NTLMv2) are also referred as NTLM family protocols.
And two Password hashing techniques
- LM Hash
- NTLM Hash
There are 4 Authentication Protocols
There are two password hashing algorithms.
NT and NTLM protocols are weak and deprecated.
NTLMv2 is “secure” but Kerberos is preferred.
Kerberos is used in a Domain environment however NTLMv2 is still active.
Password Storage
Some might disagree and argue that windows keep clear text password in main memory. They are not wrong, in certain edge cases, listed below, Windows keep clear text passwords in main memory:
Kaynak: https://medium.com/@browninfosecguy/windows-authentication-and-attacks-101-part-a-dbe757f2f436
İlk Yorumu Siz Yapın