"Secure" channel demystifying?
Dimitry V. Ketov
Dimitry.Ketov at avalon.ru
Thu Jul 1 10:58:02 GMT 2004
> -----Original Message-----
> From: Peter Waechtler [mailto:peter at helios.de]
> The global problem is mutual authentication. You gain 2
> profits with that:
> 1) the server can authenticate the machine, since it was
> entered into the domain by an admin. A malicious cracker
> can't plug his laptop into a port and try to impersonate.
Sorry, still can't catch an idea of what that (just authenticated, not
signed and not chyphered channel) adds to the challenge-handshake (NTLM)
> This alone does not prevent the use of keyboard sniffers
> (local security of client machine) etc.]
> 2) the client can be "more" sure about passing the
> challenge/response token to the "right" server. Without that
> a cracker could spoof his laptop as DC. If the passwords
> would be passed with a reversible algorithm he would get
> them. With NTLM he can build a dictionary of challenge->hash.
> It's not only theoretical: the server possibly downgrades
> the client to sent the password in clear... The client
> machine wouldn't do that if SChannel is mandatory and the
Is that true by default for NT workstations?
> server can't prove his identity. It's like SSL certificates
Why spoofed "server" wil not be able to prove his identity?
> and fingerprints. If the certificate is invalid the user
> ignores that and sents the PIN ;)
> > PS. Yes, I'm aware of today's secure channel signing and
> cyphering ;)
> Then, why do you ask? ;)
Trying to figure out what _actual_ problems that channel solved without
signing and chypering.
More information about the samba-technical