The encryption is easily breakable see http://www.l0pht.com/l0phtcrack/
From the samba-2.0.7/docs/textdocs/ENCRYPTION.txt: <samba-docs> LanManager encryption is somewhat similar to UNIX password encryption. The server uses a file containing a hashed value of a user's password. This is created by taking the user's plaintext password, capitalising it, and either truncating to 14 bytes (or padding to 14 bytes with null bytes). This 14 byte value is used as two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a 16 byte value which is stored by the server and client. Let this value be known as the *hashed password*.
Windows NT encryption is a higher quality mechanism, consisting of doing an MD4 hash on a Unicode version of the user's password. This also produces a 16 byte hash value that is non-reversible. </samba-docs> The information is out there if you just look for it. -miah On Mon, Oct 23, 2000 at 03:54:43PM +0200, Robert Casties wrote:
On Mon, 23 Oct 2000, Lars Trebing wrote:
semat wrote:
the probelm is that the password is still trasmitted over the network in clear text thus anyone running a sniffer on the network may be able to get your passwords.
I really don't believe this is true. IMHO Samba's password encryption mode does provide true password encryption (although I don't quite know how good this encryption is).
AIAK the encryption is OK (MD5 or so). The only problem is that the enrypted password is used as a cookie. It is just compared to the value in smbpasswd. If anyone gets your smbpasswd he can use the value to authenticate.
This is different from the way unix login works where you still have to solve the backward problem to regenerate a password from a crypt value to break in.
Cheers Robert
-- Robert Casties --------------------- http://philoscience.unibe.ch/~casties History & Philosophy of Science Tel: +41/31/631-8505 Room: 216 Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com