Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 24 16:24:36 GMT 2001
> Yes, that is true. That's the problem with challenge-response, it's
> trivial to implement if you have a plaintext-equivalent stored, and
> much more complex if you don't. Then again, it's not like this is a
> new problem -- algorithms *do* exist in the literature (Diffie-Hellman,
> etc) and Microsoft could have used them. Maybe it had something to do
> with US export licensing. Or was it just the old security-by-obscurity
> ("nobody will ever reverse-engineer this stuff") sloppiness?

i really don't exactly know.

the Lanman hash is IBM's job (iirc) not ms [dating back to at least the
original X-open spec published 1983(?).]

definitely, somewhere, _someone_ got sloppy, dat for sure.

they're getting better. _if_ you keep an eye on them and track them like
a hawk. e.g. they fixed the SamrSetUserInfo(info level = 0x17 and 0x18)
security bug - these contain user passwords - but haven't told anyone how
they've done it. i have better hopes that they've got it right, this
time, but from past experience i remain skeptical. this time, i have some
rumour/evidence that they consulted some proper security experts in-house
about this one.
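An added illustration, not part of the original message or of Samba's code, of the "plaintext-equivalent" point in the quoted text: when the response is keyed by the value the server stores, that stored value authenticates as well as the password does, so the password database has to be protected like a file of cleartext passwords. The scheme is a toy built on HMAC-SHA-256 (an assumption for illustration; it is not the LM or NTLM algorithm), and all names and the sample password are constructed.

```python
import hashlib
import hmac
import os

def stored_verifier(password: str) -> bytes:
    """What the server keeps on disk (toy stand-in: unsalted SHA-256)."""
    return hashlib.sha256(password.encode()).digest()

def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Response = MAC of the server's challenge, keyed with the stored value."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.db = {}  # user -> stored verifier

    def enroll(self, user, password):
        self.db[user] = stored_verifier(password)

    def new_challenge(self):
        return os.urandom(16)  # fresh per login, prevents replay of old responses

    def verify(self, user, challenge, response):
        expected = compute_response(self.db[user], challenge)
        return hmac.compare_digest(expected, response)

def login_with_password(server, user, password):
    # Normal client: derives the key from the typed password.
    challenge = server.new_challenge()
    key = stored_verifier(password)
    return server.verify(user, challenge, compute_response(key, challenge))

def login_with_stored_value(server, user, stored):
    # No password involved: the database entry alone is sufficient.
    challenge = server.new_challenge()
    return server.verify(user, challenge, compute_response(stored, challenge))

def demo():
    server = Server()
    server.enroll("alice", "constructed-sample-password")
    copied_entry = server.db["alice"]  # e.g. read from a backup of the database
    return (
        login_with_password(server, "alice", "constructed-sample-password"),
        login_with_stored_value(server, "alice", copied_entry),
        login_with_stored_value(server, "alice", os.urandom(32)),
    )
```

`demo()` returns the outcome of a password login, a login using only the stored entry, and a login with a random key.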