Re: [squid-users] Security of NTLM authentication

From: Leonardo Rodrigues <leolistas_at_solutti.com.br>
Date: Tue, 02 Jun 2009 21:34:06 -0300

Amos Jeffries escreveu:
>
> One thing to be wary of is that NTLM hash strength is pretty much limited
> by the Windows releases involved. The older versions used by Win9x are
> hashes which are now trivially broken, none are completely secure. The
> latest windows releases have deprecated it in favor of the much more secure
> Kerberos (but that won't work with anything much older than XP and IE6).
>
>
    supporting Win9x is not needed and, if i can do anything to really
dissallow those to browser, i will :)

    basically my clients will be Win9x and Vista and Windows 2003/2008
servers as well. There's absolutely no chance of having Win9x on my
project, which seems to be good.

> There is also digest authentication, which is the IETF standard for secure
> authentication over HTTP. Some people actually use it too. And it works
> without needing windows or domain controllers.
>
>

    having a domain controller is not a problem indeed. In fact i need
squid to use AD username and passwords. Anyway, i'll look for digest
authentication.

    thanks for the answer and for the hints.

-- 
	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	Minha armadilha de SPAM, NÃO mandem email
	gertrudes_at_solutti.com.br
	My SPAMTRAP, do not email it
Received on Wed Jun 03 2009 - 00:34:31 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 03 2009 - 12:00:02 MDT