[cifs-protocol] sharing network traces and password hashes
Aurélien Aptel
aaptel at suse.com
Thu Oct 4 08:00:24 UTC 2018
Hi,
There is something I've often wondered and I would like to have a
definitive answer to.
When doing a network trace of a client connecting to a SMB server (smb1
or above), can the trace be shared publicly without leaking enough
password information to make it crackable?
I know:
- the username and domain are pretty much in clear text (not
confidential info, so ok I think)
- password is hashed in various ways depending on the security mechanism.
- some mechanism have known vulnerabilities that makes the password
crackable in a reasonable amount of time.
So I guess the question really is which mechanism are known to be safe
as of today?
And as a side question, which field could just be zero'd out in the
trace (while keeping the req/resp packet) prior to publishing it in
order to specifically not leak password data?
Thanks.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the cifs-protocol
mailing list