"Secure" channel demystifying?

Henrik Nordstrom hno at squid-cache.org
Thu Jul 1 16:57:48 GMT 2004

On Thu, 1 Jul 2004, Dimitry V. Ketov wrote:

> > 1) the server can authenticate the machine, since it was
> > entered into the  domain by an admin. A malicious cracker 
> > can't plug his laptop into  a port and try to impersonate. 
> Sorry, still can't catch an idea of what that (just authenticated, not
> signed and not ciphered channel) adds to the challenge-handshake (NTLM)
> security...

Nothing really for the NTLM handshake as such, but there are a few fields
exchanged always encrypted unless my memory serves me wrong. This
includes the "session key" and possibly other sensitive information.

> Is that true by default for NT workstations?

From what I remember of NT this depends on the service pack level and
then on registry settings to allow downgrade in later versions.

> > server  can't prove his identity. It's like SSL certificates
> Why spoofed "server" will not be able to prove his identity?

He does not know the computer account password used in the mutual
authentication sequence.

