RE: Connecting to an IFS share with Windows XP

[tkreimer@xxxxxxxxxxxxxxx]

I do not have the "LAN Manager hash" enabled on my V5R4 system, but I was 
able to get the IFS share to work by not using mixed case password on my 
Windows Domain. 

Our domain requires mixed case OR a special character AND a number. To be 
specific, you need 2 out of the three of : mixed case, number, special 
character. Something like this might help mitigate both risks. Then, just 
be sure to always use one of the special characters allowed in an AS/400 
password (0-9, A-Z, @, $, # and underscore (_). Must start with an A-Z 
character)
=====================
Tom Kreimer
Network Manager
Buckhorn Inc, Milford OH



<lgoodbar@xxxxxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
03/04/2009 11:05 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
<midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: Connecting to an IFS share with Windows XP






LAN Manager is the original NT password hashing mechanism if I recall.
It splits a password into 7 character chunks and hashes. These days they
are not considered very secure. It has been superseded by a different,
stronger hash. Current Windows OS (Vista & 7) make you jump through
hoops to use NTLM.

NTLM has been "trivial" to crack for years now with a tool called
L0ftcrack.

Others more well-versed in the Windows realm can enlighten or correct.

--Loyd

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Essinger
Sent: Wednesday, March 04, 2009 9:29 AM
To: Midrange Systems Technical Discussion
Subject: Re: Connecting to an IFS share with Windows XP

Any idea on the impact of allowing authentication with the LAN Manager
password hash?