Lessons in disabling RC4 in Active Directory (2021)

https://syfuhs.net/lessons-in-disabling-rc4-in-active-directory

30•speckx•4mo ago

Comments

gleenn•4mo ago

Kinda wild hearing about anything even using MD4. I remember doing an MD5 attack in a security class like 20 years ago. Obviously that kinda what this whole article is about but literally the first time ever hearing "MD4".

tptacek•4mo ago

Notably, those attacks aren't problematic in the setting MD4 is used in here (but the "outer" construction iterating it is deeply problematic).

ospray•4mo ago

"That's the crazy thing most of the security that active directory uses was built in the 90s or early 00s with windows nt. The have only really been patching it since, security is a great place to see really retro stuff

philodeon•4mo ago

When you turn off the bad cryptography, the product becomes unusable.

The purpose of a system is what it does.

ethanwillis•4mo ago

That quote would mean that the system being unusable without RC4 is exactly the point.

It doesn't mean that a system is what its makers intended for it to do.

philodeon•4mo ago

Yes, that is precisely my point.

“ According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs" to make them "exploitable." ... One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.” —New York Times

ethanwillis•4mo ago

Fair point, it just wasn't immediately clear to me :)

lousken•4mo ago

just like windows 11 gui, security on windows is like putting lipstick on a pig

throw0101a•4mo ago

See perhaps recent story "Kerberoasting" about extracting encrypted service account credentials from Active Directory:

* https://news.ycombinator.com/item?id=45196437

Start all of your commands with a comma (2009)

Hoot: Scheme on WebAssembly

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

The Waymo World Model

Vocal Guide – belt sing without killing yourself

Reinforcement Learning from Human Feedback

Making geo joins faster with H3 indexes

Where did all the starships go?

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Welcome to the Room – A lesson in leadership by Satya Nadella

Ga68, a GNU Algol 68 Compiler

What Is Ruliology?

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Show HN: I spent 4 years building a UI design tool with only the features I use

Hackers (1995) Animated Experience

Sheldon Brown's Bicycle Technical Info

Show HN: If you lose your memory, how to regain access to your computer?

Microsoft open-sources LiteBox, a security-focused library OS

An Update on Heroku

Cross-Region MSK Replication: K2K vs. MirrorMaker2

PC Floppy Copy Protection: Vault Prolok

Was Benoit Mandelbrot a hedgehog or a fox?

Dark Alley Mathematics

The AI boom is causing shortages everywhere else

How to effectively write quality code with AI

Delimited Continuations vs. Lwt for Threads

I now assume that all ads on Apple news are scams

Introducing the Developer Knowledge API and MCP Server

Understanding Neural Network, Visually