"Secure" channel demystifying?
Henrik Nordstrom
hno at squid-cache.org
Thu Jul 1 16:57:48 GMT 2004
On Thu, 1 Jul 2004, Dimitry V. Ketov wrote:
> > 1) the server can authenticate the machine, since it was
> > entered into the domain by an admin. A malicious cracker
> > can't plug his laptop into a port and try to impersonate.
>
> Sorry, still can't catch an idea of what that (just authenticated, not
> signed and not ciphered channel) adds to the challenge-handshake (NTLM)
> security...
Nothing really for the NTLM handshake as such, but there are a few fields
exchanged always encrypted unless my memory serves me wrong. This
includes the "session key" and possibly other sensitive information.
> Is that true by default for NT workstations?
From what I remember of NT this depends on the service pack level and
then on registry settings to allow downgrade in later versions.
> > server can't prove his identity. It's like SSL certificates
>
> Why spoofed "server" will not be able to prove his identity?
He does not know the computer account password used in the mutual
authentication sequence.
Regards
Henrik