[cifs-protocol] [REG:118100419158690] sharing network traces and password hashes

Jeff McCashland jeffm at microsoft.com
Thu Oct 4 13:26:29 UTC 2018

[DocHelp to BCC, casemail on CC, SR ID on Subject]

Hello Aurélien,

Thank you for your question. We have created SR 118100419158690 to track this issue. One of our engineers will respond soon to assist you.

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Rama Ganesan (ramagane), +1 (425) 703-8712

-----Original Message-----
From: Aurélien Aptel <aaptel at suse.com> 
Sent: Thursday, October 04, 2018 1:00 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: sharing network traces and password hashes


There is something I've often wondered and I would like to have a definitive answer to.

When doing a network trace of a client connecting to a SMB server (smb1 or above), can the trace be shared publicly without leaking enough password information to make it crackable?

I know:
- the username and domain are pretty much in clear text (not
  confidential info, so ok I think)
- password is hashed in various ways depending on the security mechanism.
- some mechanisms have known vulnerabilities that make the password
  crackable in a reasonable amount of time.

So I guess the question really is which mechanisms are known to be safe as of today?

And as a side question, which field could just be zeroed out in the trace (while keeping the req/resp packet) prior to publishing it in order to specifically not leak password data?


Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
