Confounding NSA assumptions


NSA mostly rely, as in 1945, on human nature to drive cryptanalysis “breaks”. This means you – and your similarities with wehrmarct signals corp persons who, by their behavior, compromised both the enigma and tunny cryptosystems (over several generations).

Get over it. Your no better.

So now to do things right.

If you want ie to provide a Kerberos ticket to iis (or office365 online) for NSA to see, rather than your password!, make Kerberos work!

Add the https site to the intranet security domain.

If the site is on machine foo.domain.com, expose the site on anything else (eg cname.domain.com)

Add an spn: a Kerberos name (based on cname) that foo machine can identify with.

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in coding theory. Bookmark the permalink.