samba - Oct 1997 - DOS Client and Basic Redirector and security=user (PR#1378)

> It turns out that the MS Network Client for DOS Basic Redirector _always_
> sends a 24 byte password.  So, I guessed at encryption, got
'libdes',
> recompiled my smbd (again), found a 'spare' Silicon Graphics server
and
> installed Encryption on it.  (ENCRYPTION.txt is very good).
Yep, good guess. All encrypted passwords in SMB are 24 bytes long. The
"basic redirector" must ignore the "use encryption bit" in
the negotiate
protocol response.
> Only one gripe (other than the 'Basic' redirector not doing
plain-text
> passwords of course) is that there's no way for Samba to take the
encrypted
> string it's been sent, deduce the plain text password, and try that as
> well.  Is there?
Well, it would be possible, but would take a huge amount of CPU time per
login (or a very very large lookup table on disk). The encryption system
used is quite weak but not weak enough for real-time decryption on todays
systems.

You might also like to spend some time investigating whether the client 
can be forced to not use encryption. I have vague memories of this 
being configurable.

Andrew