There is a broad explanation of each in the textbook "Scene of the
Cybercrime" by Debra Littlejohn Shinder. It only glosses over the
surface of each, but might be useful if you are trying to present the
concept at a high level.
Tobin
___________________________
Tobin Craig, MRSC, CISSP, SCERS, EnCE
Program Director, Computer Crimes and Forensics
Department of Veterans Affairs
Office of Inspector General
___________________________
-----Original Message-----
From: Roman L. Daszczyszak II [mailto:romandas@gmail.com]
Sent: Thursday, March 10, 2005 3:57 PM
To: focus-ms@securityfocus.com
Subject: Basic question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Does anyone have a good reference on the differences between LanMan,
NTLM, NTLMv2 and Kerberos? Also, is there any restriction on the length
of a password used across a network/LAN for authentication? I'm aware
in NT/2K/XP/2003 the max length of a password is 127 characters, but am
curious if this is still true for network/domain authentication.
Lastly, I have heard (and would like confirmation/denial) that
authenticating to a domain-based machine from a machine outside the
domain causes an otherwise normally encrypted password to be sent
cleartext when authenticating with an IIS server. Can anyone point me
to references about this?
Thank you for any information y'all can provide.
Roman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCMLSUszjStpsfjf8RAtNLAJsGmQv5p9B1bk7msxzK0zrDkpcSKgCgxEKl
hoC2TjFp71dLF3Regw1c6qA=
=vQB2
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
