[cifs-protocol] [REG:118100419158690] sharing network traces and password hashes
Jeff McCashland
jeffm at microsoft.com
Thu Oct 4 13:26:29 UTC 2018
[DocHelp to BCC, casemail on CC, SR ID on Subject]
Hello Aurélien,
Thank you for your question. We have created SR 118100419158690 to track this issue. One of our engineers will respond soon to assist you.
Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback. My manager is Rama Ganesan (ramagane), +1 (425) 703-8712
-----Original Message-----
From: Aurélien Aptel <aaptel at suse.com>
Sent: Thursday, October 04, 2018 1:00 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: sharing network traces and password hashes
Hi,
There is something I've often wondered and I would like to have a definitive answer to.
When doing a network trace of a client connecting to a SMB server (smb1 or above), can the trace be shared publicly without leaking enough password information to make it crackable?
I know:
- the username and domain are pretty much in clear text (not
confidential info, so ok I think)
- password is hashed in various ways depending on the security mechanism.
- some mechanism have known vulnerabilities that makes the password
crackable in a reasonable amount of time.
So I guess the question really is which mechanism are known to be safe as of today?
And as a side question, which field could just be zero'd out in the trace (while keeping the req/resp packet) prior to publishing it in order to specifically not leak password data?
Thanks.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the cifs-protocol
mailing list