[linux-cifs-client] Re: [PATCH]: mount.cifs: Allows passwords of length upto 127 bytes

Andrew Bartlett abartlet at samba.org
Wed Feb 27 19:59:44 GMT 2008


On Wed, 2008-02-27 at 23:14 +0530, Suresh Jayaraman wrote:
> The current mount.cifs code restricts the maximum password length to 16
> bytes. This limit seems to have been introduced due to LanMan and NTLM 
> hashing.
> 
> However, the Windows versions above Windows 98 (Windows 2000, XP and
> above including Samba), support passwords up to 127 characters. NTLM
> passwords are limited only in GUI

Only in the GUI on NT4 as I understand it. 

> , because the dialog box limits it to
> 14 characters. So it makes sense for mount.cifs to allow passwords up to
> 127 characters.
> 
> The above patch was already discussed in linux-cifs-client mailing
> list. But, Steve was little unsure about the associated kernel patch
> which adds a kernel warning if the length exceeds. Re-posting the 
> mount.cifs patch alone (Ccing samba-technical as well).

It seems entirely reasonable not to have any limit here, except to
prevent abuse.  If MD4 can handle it, then it's a valid password.  

If you were so silly as to force lanman encryption with the long
password, only the first 14 DOS bytes would be used, so Samba just
disables that weak encryption in this case (as it makes no sense). 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/linux-cifs-client/attachments/20080228/172a1396/attachment.bin


More information about the linux-cifs-client mailing list