I'm interested in using SMB encryption to connect over untrusted networks. I see that I can enable it in samba with 'smb encrypt = ...' which is great, and I'm seeing posts from Microsoft (like this one: technet.microsoft.com/en-us/library/dn551363(v=ws.11).aspx) bragging about how it can detect man-in-the-middle attacks. Can anyone point me at the basic details of how it's able to do that? I understand how it works for TLS, by using a trusted third party to sign the site's public key so you know an attacker has not slipped their key in instead. I know how it works for SSH. You have to manually compare a fingerprint of the public key, and that key will be cached so that you can be warned if it changes. IPSec (among other options) can simply use a pre-shared key that uses a symmetric cipher. All of these different methods require configuring the client (in one way or another) to prearrange some information that allows it to tell the difference between the real server and an imposter, but I don't see how to do that in my smb.conf, so it makes me wonder whether I'm protected, and google isn't helping. Is it perhaps using your password somehow? Like, if an attacker knew the password that the client is using to connect, would it then be able to MITM and watch all the writes and reads that client performs, but since an attacker is unlikely to know your password already, then they're unable to know the initial symmetric cipher that each side is expecting... or something like that?
On Mon, 2017-08-14 at 06:45 -0400, Daniel Benoy via samba wrote:> Is it perhaps using your password somehow? Like, if an attacker knew the > password that the client is using to connect, would it then be able to > MITM and watch all the writes and reads that client performs, but since > an attacker is unlikely to know your password already, then they're > unable to know the initial symmetric cipher that each side is > expecting... or something like that?This is essentially correct, for NTLM. For Kerberos, it is the shared secret between the KDC and the file server, and then the password between you and the KDC. I'm drastically simplifying and in both cases, session keys are not directly the password, but things encrypted with the password and exchanged. It isn't public key based. I hope this helps, Andrew Bartlett -- Andrew Bartlett samba.org/~abartlet Authentication Developer, Samba Team samba.org Samba Developer, Catalyst IT catalyst.net.nz/services/samba
It does, thanks. So if the password is known, or the KDC compromised, then in principle MITM becomes possible? On 2017-08-14 15:28, Andrew Bartlett wrote:> On Mon, 2017-08-14 at 06:45 -0400, Daniel Benoy via samba wrote: >> Is it perhaps using your password somehow? Like, if an attacker knew >> the >> password that the client is using to connect, would it then be able to >> MITM and watch all the writes and reads that client performs, but >> since >> an attacker is unlikely to know your password already, then they're >> unable to know the initial symmetric cipher that each side is >> expecting... or something like that? > > This is essentially correct, for NTLM. > > For Kerberos, it is the shared secret between the KDC and the file > server, and then the password between you and the KDC. > > I'm drastically simplifying and in both cases, session keys are not > directly the password, but things encrypted with the password and > exchanged. > > It isn't public key based. > > I hope this helps, > > Andrew Bartlett