Lessons in disabling RC4 in Active Directory (2021)

Customer lessons learned when disabling RC4 in Active Directory.

The protocol certainly didn't let you do weird things like DES(MD4(password)), so Windows created the MD4+RC4 crypto system. This turns out to be phenomenally powerful because it transparently migrates users to stronger keys without breaking anyone, at the small cost of a delay of weeks or months while password changes occur. The catch is that MD4 itself is a pretty lousy hash algorithm, and it's easier to guess the original password from it when compared to the AES ciphers.
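The migration described above, as an added example that is not from the article or from Microsoft: a simplified Python model of how a KDC picks a Kerberos encryption type from the keys an account holds and its msDS-SupportedEncryptionTypes mask, and why disabling RC4 before the password has been changed breaks authentication. The etype numbers and mask bits are the real Kerberos/AD values; the account data and the "password change derives all keys" rule are constructed simplifications.

```python
from dataclasses import dataclass

# IANA Kerberos etype numbers and the matching msDS-SupportedEncryptionTypes bits.
RC4_HMAC, AES128_SHA1, AES256_SHA1 = 23, 17, 18
ETYPE_BIT = {RC4_HMAC: 0x04, AES128_SHA1: 0x08, AES256_SHA1: 0x10}
STRENGTH = [AES256_SHA1, AES128_SHA1, RC4_HMAC]  # strongest first

@dataclass
class Account:
    name: str
    keys: set            # etypes the KDC holds a key for (derived at the last password change)
    supported_mask: int  # msDS-SupportedEncryptionTypes: etypes the KDC may issue

def usable_etypes(acct):
    """Etypes the KDC both has a key for and is allowed to use for this account."""
    return {e for e in acct.keys if acct.supported_mask & ETYPE_BIT[e]}

def negotiate(acct, client_offer):
    """Strongest etype offered by the client that the account can use; None means failure."""
    candidates = usable_etypes(acct) & set(client_offer)
    return next((e for e in STRENGTH if e in candidates), None)

def on_password_change(acct, domain_etypes):
    """Simplified model: a password change derives a key for every etype the domain supports."""
    acct.keys = set(domain_etypes)

def rc4_only_accounts(accounts):
    """Audit: accounts whose only usable key is RC4, i.e. not yet migrated to AES."""
    return [a.name for a in accounts if usable_etypes(a) == {RC4_HMAC}]

def demo():
    client_offer = [AES256_SHA1, AES128_SHA1, RC4_HMAC]
    domain_etypes = [AES256_SHA1, AES128_SHA1, RC4_HMAC]
    # Constructed sample: svc_legacy last changed its password before AES keys were derived.
    legacy = Account("svc_legacy", {RC4_HMAC}, 0x1C)
    fresh = Account("svc_fresh", set(domain_etypes), 0x1C)
    stale = rc4_only_accounts([legacy, fresh])   # ["svc_legacy"]: rotate before disabling RC4
    before = negotiate(legacy, client_offer)     # 23: still RC4 today
    legacy.supported_mask = 0x18                 # disable RC4 too early ...
    broken = negotiate(legacy, client_offer)     # None: no usable key, authentication fails
    on_password_change(legacy, domain_etypes)    # ... the fix is a password change
    after = negotiate(legacy, client_offer)      # 18: AES256 from here on
    return before, broken, after, stale

if __name__ == "__main__":
    print(demo())
```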
