Hi. On Mon, 23 Oct 2000 jjohnson@penguincomputing.com wrote:
The encryption is easily breakable see http://www.l0pht.com/l0phtcrack/
From the samba-2.0.7/docs/textdocs/ENCRYPTION.txt: <samba-docs> LanManager encryption is somewhat similar to UNIX password encryption. The server uses a file containing a hashed value of a [snip] </samba-docs>
If you read on, you will see that this hashed password is not transfered over the network, but instead used as a key in a challenge response authentication scheme. That is secure, as far as the password (or its hash) are concerned.
The information is out there if you just look for it.
Just my saying.
-miah
olli -- -------------------------------------- Oliver Hensel <oliver.hensel@gmx.net> <ohensel@security-academy.de> http://www.ohensel.de/ Training + Consulting Unix - Linux - Firewalls - Security --------------------------------------