Be aware though, that the LANMAN and NT encryption methods do not "salt"
the encryption, so if two users happen to choose the same password, the
encrypted hash for each user will look the same. Hence, if you know one
password, you actually know both. Also, if the password is 7 or fewer
characters, only the first half of the 14 byte hash is required to crack
the password.

- Hreman

On Mon, 23 Oct 2000 jjohnson@penguincomputing.com wrote:

->>The encryption is easily breakable see http://www.l0pht.com/l0phtcrack/
->>
->>From the samba-2.0.7/docs/textdocs/ENCRYPTION.txt:
->><samba-docs>
->>LanManager encryption is somewhat similar to UNIX password
->>encryption. The server uses a file containing a hashed value of a
->>user's password. This is created by taking the user's plaintext
->>password, capitalising it, and either truncating to 14 bytes (or
->>padding to 14 bytes with null bytes). This 14 byte value is used as
->>two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a
->>16 byte value which is stored by the server and client. Let this value
->>be known as the *hashed password*.
->>
->>Windows NT encryption is a higher quality mechanism, consisting
->>of doing an MD4 hash on a Unicode version of the user's password. This
->>also produces a 16 byte hash value that is non-reversible.
->></samba-docs>
->>
->>The information is out there if you just look for it.
->>
->>-miah
->>
->>On Mon, Oct 23, 2000 at 03:54:43PM +0200, Robert Casties wrote:
->>> On Mon, 23 Oct 2000, Lars Trebing wrote:
->>>
->>> > semat wrote:
->>> >
->>> > > the problem is that the password is still transmitted over the network
->>> > > in clear text thus anyone running a sniffer on the network may be
->>> > > able to get your passwords.
->>> >
->>> > I really don't believe this is true. IMHO Samba's password encryption
->>> > mode does provide true password encryption (although I don't quite know
->>> > how good this encryption is).
->>>
->>> AFAIK the encryption is OK (MD5 or so). The only problem is that the
->>> encrypted password is used as a cookie. It is just compared to the value in
->>> smbpasswd. If anyone gets your smbpasswd he can use the value to
->>> authenticate.
->>>
->>> This is different from the way unix login works where you still have to
->>> solve the backward problem to regenerate a password from a crypt value to
->>> break in.
->>>
->>> Cheers
->>> Robert
->>>
->>> --
->>> Robert Casties --------------------- http://philoscience.unibe.ch/~casties
->>> History & Philosophy of Science Tel: +41/31/631-8505 Room: 216
->>> Institute for Exact Sciences Sidlerstrasse 5, CH-3012 Bern
->>> Uni Bern (PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
->>>
->>> ---------------------------------------------------------------------
->>> To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
->>> For additional commands, e-mail: suse-security-help@suse.com
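
An added example, not part of the thread or of Samba's code: a defender-side audit of an smbpasswd-style file for the two properties raised in the top reply, identical hashes across accounts (no salt) and LM hashes that reveal a password of 7 or fewer characters. The function names, the sample entries and their hex values are constructed; the field layout `name:uid:LM:NT:flags:LCT:` and the constant `AAD3B435B51404EE` are assumptions from outside the thread.

```python
import re
from collections import defaultdict

# LM hash of seven null bytes: the second half of any LM hash whose
# password has 7 or fewer characters (assumption, not stated in the thread).
EMPTY_LM_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample in the assumed smbpasswd layout name:uid:LM:NT:flags:LCT:
# The hex strings are made up for illustration, not hashes of real passwords.
SAMPLE = """\
alice:1001:0123456789ABCDEFAAD3B435B51404EE:11112222333344445555666677778888:[U          ]:LCT-39F4A1B2:
bob:1002:0123456789ABCDEFAAD3B435B51404EE:11112222333344445555666677778888:[U          ]:LCT-39F4A1B3:
carol:1003:FEDCBA98765432100F1E2D3C4B5A6978:9999AAAABBBBCCCCDDDDEEEEFFFF0000:[U          ]:LCT-39F4A1B4:
dave:1004:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:00FF00FF00FF00FF00FF00FF00FF00FF:[U          ]:LCT-39F4A1B5:
"""

def parse_smbpasswd(text):
    """Yield (user, lm, nt); a field that is not 32 hex digits becomes None."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        lm, nt = (f.upper() if HEX32.match(f) else None for f in fields[2:4])
        yield fields[0], lm, nt

def audit(text):
    """Report accounts sharing a hash and accounts with a <=7 character password."""
    by_hash = defaultdict(set)
    short = []
    for user, lm, nt in parse_smbpasswd(text):
        for kind, value in (("LM", lm), ("NT", nt)):
            if value:
                by_hash[(kind, value)].add(user)  # no salt: same hash, same password
        if lm and lm[16:] == EMPTY_LM_HALF:
            short.append(user)  # second 7-byte half was all padding
    shared = sorted({tuple(sorted(u)) for u in by_hash.values() if len(u) > 1})
    return {"shared": shared, "short": sorted(short)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts listed under `shared` or `short` are candidates for a forced password change, and the file itself needs the same protection as plaintext passwords since the stored value is what authenticates.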