crypted SMB passwords: security issue only on Unix ?

Thu Oct 16 15:58:31 GMT 1997

On Thu, 16 Oct 1997, Jacques Gelinas wrote:

> I have been reading the FAQ on the SMB crypted passwords. This FAQ states
> that there is a security issue. Mostly, if someone manage to grab a copy
> of my smbpasswd file

which will only be possible, if you have followed the instructions in 
ENCRYPTION.txt, if they have root access.  if they have root access, then 
the smbpasswd file is the least of your worries.

> and has access to a modified client, he can access my
> share without really knowing the original password (He supply the crypted
> one only). I understand pretty well the issue here. 
> 
> It seems that NT does not have this problem,

ho ho ho.  hee hee hee.

> or at least try to cope
> with it (Well they could have fixed the protocol for one and this would
> have solved the problem!). Sounds like NT passwords are stored in a
> protected area

not really.  use regedt32 as administrator to grant access to the SAM 
database, and then run pwdump.

or, run the equivalent NT resource kit program.

> (not part of the file system) and they are further
> protected by a key.

ho ho ho.  hee hee hee.

not in < NT 4.0 SP3 they aren't.  and only in >= NT 4.0 SP3 have they 
added _YET ANOTHER_ level of obfuscation, using a little program called 
syskey.exe.

> So the crypted passwords are more difficult to read.

if NT 4.0 can decrypt the SAM database (reverse-crypt performed by 
syskey) then so can anyone else.

> (while probably not impossible to steal)
> 
> Anyone can confirm this ?

consider this a confirmation.

luke

<a href="mailto:lkcl at switchboard.net"  > Luke Kenneth Casson Leighton </a>
<a href="http://mailhost.cb1.com/~lkcl"> Lynx2.7-friendly Home Page   </a>
<br><b>  "Apply the Laws of Nature to your environment before your
          environment applies the Laws of Nature to you"              </b>