"Secure" channel demystifying?

Henrik Nordstrom hno at squid-cache.org
Thu Jul 1 16:57:48 GMT 2004


On Thu, 1 Jul 2004, Dimitry V. Ketov wrote:

> > 1) the server can authenticate the machine, since it was
> > entered into the domain by an admin. A malicious cracker
> > can't plug his laptop into a port and try to impersonate.
>
> Sorry, still can't catch an idea of what that (just authenticated, not
> signed and not ciphered channel) adds to the challenge-handshake (NTLM)
> security...

Nothing really for the NTLM handshake as such, but there are a few fields
exchanged always encrypted unless my memory serves me wrong. This
includes the "session key" and possibly other sensitive information.

> Is that true by default for NT workstations?

From what I remember of NT this depends on the service pack level and
then on registry settings to allow downgrade in later versions.

> > server  can't prove his identity. It's like SSL certificates
>
> Why spoofed "server" will not be able to prove his identity?

He does not know the computer account password used in the mutual
authentication sequence.

Regards
Henrik


