[jcifs] NTLM session security

[Christopher R. Hertel]

SMB signing is used to protect against man-in-the-middle attacks.  That's
all that it is really capable of doing.

The SMB Extensions for Unix, which are an unofficial set of extensions
supported by Samba, the Linux CIFS client, and Apple's client (I believe),
are supposed to support encrypted transfers.  As far as I know (I may be
wrong), no client has yet implemented the encryption feature.

Microsoft is also interested in having third parties create a set of Unix
extensions for SMB2.  Yes, really.

Chris -)-----

Mohan Radhakrishnan wrote:
> Hi,
> 
>      I might have understand this wrongly. Does this mean all data
> passing through the socket using JCIFS is signed and verified at the
> other end ?
> 
> Thanks,
> Mohan
> 
> -----Original Message-----
> From: jcifs-bounces at lists.samba.org
> [mailto:jcifs-bounces at lists.samba.org] On Behalf Of Michael B Allen
> Sent: Friday, October 07, 2011 10:21 AM
> To: Suhas Sutar
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] NTLM session security
> 
> On Wed, Oct 5, 2011 at 10:48 AM, Suhas Sutar <suhassutar at gmail.com>
> wrote:
>> Hello
>> I wanted to confirm if JCIFS supports NTLM v2 session security
> feature. None of
>> the documentation specifically mentions it.
> 
> Hi Suhas,
> 
> No. JCIFS implements message signatures which are derived from the
> session key negotiated during NTLM auth so there is some apparatus to
> compute a key internally. But you cannot use JCIFS to sign and seal
> streams of data. That would require crypto that is not required by
> CIFS and so it's been left out.
> 
> Mike
> 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org