23 Aug 2000, 06:40
It just occurred to me the other night that, for all those people debating MD5 vs crypt for shadow password lists... It's all pointless if you run samba, as samba uses standard NT encryption (with its brain-dead problem with the split keyspace) for the /etc/smbpasswd file.

Forget /etc/shadow! /etc/smbpasswd is A LOT more vulnerable and uses an encryption algorithm that's even less secure than crypt. My dual Xeon P11 450 can crunch every possible NT passwd hash in l0phtcrack in a few hours.....

Food for Thought....

Cheers

Peter Nixon
Senior Security Consultant
IT Audit & Consulting (ITAC) Pty Ltd
http://www.itaudit.com.au
mailto:petern@itaudit.com.au
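An added example, not part of the original post: an audit sketch that reads smbpasswd-style entries and reports which accounts carry a LAN Manager hash, the field where the split keyspace shows up as two independently hashed 7-character halves. It assumes Samba's text layout `name:uid:LM:NT:[flags]:LCT-time:`; the function name and the sample entries (including their hash values) are constructed for illustration.

```python
import re

# Well-known LM hash of an empty 7-character half (DES of "KGS!@#$%" under an all-zero key).
EMPTY_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

# Constructed sample in the assumed smbpasswd layout: name:uid:LM:NT:[flags]:LCT-time:
# The hash values are made-up placeholders, not real password hashes.
SAMPLE = """\
# constructed sample entries
alice:1001:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:[U          ]:LCT-39A3B5C0:
bob:1002:0123456789ABCDEF89ABCDEF01234567:FFEEDDCCBBAA99887766554433221100:[U          ]:LCT-39A3B5C0:
carol:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:00112233445566778899AABBCCDDEEFF:[U          ]:LCT-39A3B5C0:
guest:1004:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-39A3B5C0:
"""

def audit_smbpasswd(text):
    """Return {username: [findings]} for entries exposed to the split-keyspace weakness."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed line, skip it
        user, lm = fields[0], fields[2]
        findings = []
        if lm.startswith("NO PASSWORD"):
            findings.append("no password set")
        elif HEX32.match(lm):  # an all-X field means the LM hash is not stored
            findings.append("LM hash stored (two independent 7-char halves)")
            first, second = lm[:16].upper(), lm[16:].upper()
            if second == EMPTY_HALF:
                # The second half hashed to the empty-input constant.
                if first == EMPTY_HALF:
                    findings.append("empty password")
                else:
                    findings.append("password is 7 characters or fewer")
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit_smbpasswd(SAMPLE).items():
        print(f"{user}: {'; '.join(findings)}")
```

Accounts it reports are candidates for a longer password and for having LM hash storage turned off; the file itself should be readable by root only.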