Passwords in NDS

The NDS password is a very secure password. So secure that Novell had to resort to trickery in order to support other password schemes. This is why.

When NetWare 4 was released, NDS came with it. With NDS also came a new login scheme. Novell actually paid RSA to license their encryption technology, rather than use unencumbered encryption methods. This is where the problem lay.

When you log in to a Novell network from a Novell Client, you get asked for a password. You give it. The Client then requests from the Server the RSA Certificate for passwords in that particular tree, and encrypts your password with that key. The ciphered value is then compared with the cipher-value stored in your user-object. Since the system does not use a public/private key system and instead just a one-way cipher, there is no simple way to turn the cipher-value into its clear-text value.

Universal Passwords are Novell's way of fixing that. Instead, it uses 3DES, and saves the DES keys multiple ways. Since DES is reversible, it is possible to translate the Universal Password into the various password styles required by the various Native File Access protocols.
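
The difference between the two storage styles described above, as an added sketch that is not Novell's code: PBKDF2 stands in for the one-way NDS transform, a toy XOR keystream cipher stands in for 3DES, and `proto_a`/`proto_b` are hypothetical protocol password formats.

```python
import hashlib
import hmac
import os

# Stand-in for the one-way NDS transform (NOT the real algorithm): salted PBKDF2.
def one_way_verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# A one-way record can only answer "does this attempt match?".
def check_login(stored: bytes, salt: bytes, attempt: str) -> bool:
    return hmac.compare_digest(stored, one_way_verifier(attempt, salt))

# Toy reversible cipher standing in for 3DES (assumption for illustration only):
# XOR the password with a SHA-256 counter keystream.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, password: str) -> bytes:
    data, nonce = password.encode(), os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unseal(key: bytes, blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

# Hypothetical per-protocol password formats; each one needs the clear text as input.
PROTOCOL_FORMATS = {
    "proto_a": lambda pw: hashlib.sha1(pw.encode("utf-16-le")).hexdigest(),
    "proto_b": lambda pw: hashlib.sha256(pw.upper().encode()).hexdigest(),
}

# Only a reversible record can be turned into the other formats.
def translate(key: bytes, blob: bytes) -> dict:
    clear = unseal(key, blob)
    return {name: fmt(clear) for name, fmt in PROTOCOL_FORMATS.items()}

if __name__ == "__main__":
    password = "Tr33-Admin!"  # constructed sample value
    salt, key = os.urandom(16), os.urandom(32)
    stored_one_way = one_way_verifier(password, salt)
    stored_reversible = seal(key, password)
    print("one-way login check:", check_login(stored_one_way, salt, password))
    print("translated from reversible store:", translate(key, stored_reversible))
```

Only the reversible record can feed `translate`; the price is that anyone holding both the blob and its key recovers the clear-text password.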

So in essence, Novell went TOO secure back in the early '90s. Nothing is uncrackable, but NDS passwords are pretty tough. Too tough for interoperability, as it eventually turned out.