Confounding NSA assumptions


NSA mostly relies, as in 1945, on human nature to drive cryptanalysis “breaks”. This means you – and your similarities with the Wehrmacht signals corps persons who, by their behavior, compromised both the Enigma and Tunny cryptosystems (over several generations).

Get over it. You're no better.

So now to do things right.

If you want IE to provide a Kerberos ticket to IIS (or Office 365 online) for NSA to see, rather than your password, make Kerberos work!

Add the https site to the intranet security domain.

If the site is on machine foo.domain.com, expose the site on anything else (e.g. cname.domain.com).

Add an SPN: a Kerberos name (based on cname) that the foo machine can identify with.
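
The three steps above as PowerShell, added here as an example and not taken from the original post. It assumes the post's placeholder names (foo.domain.com, cname.domain.com), a Windows DNS server with the DnsServer module, IIS answering as the foo machine account, and an account allowed to write SPNs.

```powershell
# Added example. Names are the post's placeholders; adjust to your domain.
$Domain   = 'domain.com'
$Alias    = 'cname'          # the name users browse to
$HostName = 'foo'            # machine account that runs IIS (assumption)
$Spn      = "HTTP/$Alias.$Domain"

# 1. Client, per user: map https://cname.domain.com to the Local intranet
#    zone (zone 1), so IE will attempt integrated authentication there.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' +
           "\ZoneMap\Domains\$Domain\$Alias"
New-Item -Path $zoneKey -Force | Out-Null
New-ItemProperty -Path $zoneKey -Name 'https' -Value 1 `
    -PropertyType DWord -Force | Out-Null

# 2. DNS server: publish the site under a name other than the machine name.
Add-DnsServerResourceRecordCName -ZoneName $Domain -Name $Alias `
    -HostNameAlias "$HostName.$Domain"

# 3. Domain: register the SPN on the foo machine account.
#    -S refuses to create a duplicate; a duplicate SPN makes ticket
#    requests fail, and the browser then falls back to NTLM or a prompt.
setspn -S $Spn $HostName

# Check: the SPN must resolve to exactly one account, and it must be foo.
setspn -Q $Spn
setspn -L $HostName

# 4. Client check: clear cached tickets, browse to the site in IE, then
#    look for an HTTP/ service ticket. No HTTP/ ticket after a successful
#    login means Kerberos was not used for that request.
klist purge
# ... browse to https://cname.domain.com here ...
klist | Select-String -SimpleMatch 'HTTP/'
```

The `klist` output shows which service name the client actually requested, which is the quickest way to see whether the registered SPN and the browsed name line up.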

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.