Re: Secure Methods of file transfer over network shares



In news:a4876da7-3771-4811-b757-a6a1c037e871@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
Eric <ericstauss@xxxxxxxxx> typed:
Phillip,

So using this method it does not send the password to the server at
all? You would think at some point it would have to send the password
to be able to authenticate.

Do you know what it sends or can you point me in the direction of some
documents that would tell me?

Thank you for your help.

Eric

I must agree and affirm Phillip's response. The password does NOT get sent
across during a Ch/Resp transaction but rather the hash does. The server
creates a hash of the username and password, then the client connecting
enters their user/pass and the workstation creates its own hash based on the
same algorithm (a proprietary method shared among all Microsoft products)
and sends the hash across the wire. The server then compares the hash it
received with the hash it created. If it matches, you are in. If not, you
are not.

However I must point out there are tools out there to crack the hash. So if
someone is deliberately running one of these tools targeting your machine or
sitting there watching hashes fly across the wire, then it may be caught and
the tool may crack it. If the solution you seek MUST secure traffic between
two hosts so no one can get in, tools or not, use IPSec. That is your only
choice with such a high secure requirement.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
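
A generic challenge/response exchange of the kind discussed in this thread, as an added example that is not part of the original posts and is not the Microsoft algorithm. It assumes HMAC-SHA256 over a random server challenge, a PBKDF2-derived key, and constructed account names and passphrases.

```python
import hashlib
import hmac
import secrets

def derive_key(username: str, password: str) -> bytes:
    # Assumed scheme: both sides derive the same key from the password.
    # The server stores this key, never the password itself.
    salt = username.lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    def __init__(self, accounts: dict):
        self.keys = {u: derive_key(u, p) for u, p in accounts.items()}
        self.pending = {}  # username -> outstanding challenge

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random value per attempt
        self.pending[username] = nonce
        return nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self.pending.pop(username, None)  # each challenge is single-use
        key = self.keys.get(username)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_response(username: str, password: str, nonce: bytes) -> bytes:
    # The client proves knowledge of the password by keying an HMAC over the
    # server's challenge; only this value crosses the network.
    return hmac.new(derive_key(username, password), nonce, hashlib.sha256).digest()

def demo():
    password = "constructed-sample-passphrase"  # constructed sample value
    server = Server({"alice": password})
    wire = []  # everything an observer on the network would see

    c1 = server.challenge("alice")
    r1 = client_response("alice", password, c1)
    wire += [c1, r1]
    login_ok = server.verify("alice", r1)

    c2 = server.challenge("alice")           # new login attempt, new challenge
    wire.append(c2)
    replay_ok = server.verify("alice", r1)   # old response replayed: rejected

    password_on_wire = any(password.encode() in m for m in wire)
    return login_ok, replay_ok, password_on_wire
```

An observer who records a challenge and its response can still test password guesses against that pair offline, which is why password strength and transport protection such as IPSec matter.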

