R: R: password policy on samba 3.0
simo.sorce at xsec.it
Wed Oct 29 12:51:21 GMT 2003
On Wed, 2003-10-29 at 13:02, Andrew Bartlett wrote:
> This may or may not be likely, but given the only purpose for storing
> this password is to compare it with a new plaintext, we can apply any
> one-way function we like. I think MD5(MD4(password)+salt) would be
> good, and not likely to be a useful value for attacking another system.
Agreed, enforcing the encryption is only good.
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
More information about the samba-technical