Somewhere on the Microsoft web site, (security section?) they have an
article on how to turn off (via the registry) the Lan Manager hash
for Win NT 4.0. Its a pity Microsoft didn't port the full NT PPTP
implementation as part of the Dial-Up 1.2 upgrade. One would hope
Microsoft won't make the same mistake with the KERBEROS port for
NT 5.0 and offer support in the Memphis release....
Personal Opinions provided by
aka leonard @
On Sun, 2 Nov 1997, Russ wrote:
> >So there's no way to force the NT server to refuse LanMan hashes?
> >be the easiest and most obvious way to avoid the issue; must mean that
> >it's impossible. :-(
> I honestly don't think its a matter of being impossible, as surely it
> isn't. One thing I would look for, however, is just whether or not all
> NT functions that involve hashes are done using NT hashes only (this
> would be a logical extrapolation of their statement that LM hashes are
> only removed if enforced on both the server *and* the client).
> I do think its a matter that to do so would prevent the use of Win95,
> and I believe MS feels this setting would cause to many support issues.
> It would also glaringly focus attention on the insecurities of Win95
> (not that they try and say it is secure, just that they probably don't
> want it pointed out so vividly).
> Humble opinions all of my own.