"Secure" channel demystifying?

Henrik Nordstrom hno at squid-cache.org
Mon Jul 12 23:22:12 GMT 2004


On Mon, 12 Jul 2004, Dimitry V. Ketov wrote:

> > Yes, the NTLM challenges/responses is the same as NTLM would
> > not work otherwise. But the final response (not the NTLM
> > response) carries
> > additional information.
>
> Do you mean that "user session key"

Yes, this is the most important and only sensitive detail returned.


> USER_INFO (user logon info)
> Note: it would be nice to know what the 16 byte user session key is for.

The user session key is used in MS-CHAP and a few other protocols in
addition to the NTLM handshake. It is directly derived from the password 
and is why it must be kept secret.

> > But not in the same order.. Look how the challenge is
> > generated. This mode of the NTLM/LANMAN protocols is only
>
> It's generated on the member server that is accessed.

Yes, and only member servers can ask the domain controller with specified 
challenge due to security implications.

As already indicated earlier in this thread there are security threats if an
"untrusted" station could freely verify NTLM exchanges with the domain
controller. Most trivially it would be possible for an attacker to verify
if the password is still the same by simply replaying the same NTLM
exchange to the domain controller.

> http://www.samba.org/samba/devel/docs/html/Samba-Developers-Guide.html#i
> d2878012
> >
> > In what sense?
>
> I meant that protocol describes only "interactive" NETLOGON, that uses
> shared secret key (based on the machine account password) for LM/NTLM
> responses computation, but my traces show "remote" NETLOGON, that uses
> random challenge selected by member server for same purposes.

Ah.. I have now looked closely at the section you reference above. This section
does not document user authentication but only how member servers
authenticate themselves to the domain. It happens to end with an example
of an "Interactive Logon" exchanged over the established channel, but this
is only an illustration of how the encryption on the member server
"secure" channel operates.. Neither of these calls is using
NTLM.

The terminology I have seen for the user NTLM logon via a domain member is
"Network Logon" or "Pass-Through Logon".. It appears there is no section
in the developers guide documenting this in detail. These calls should be
the LSA SAM Logon / Logoff calls if I understand the document correctly
but I can not make head or tail of what the developers guide is trying to
say about these other than that they exist.. It is quite well documented
in "DCE/RPC over SMB" however (NetrSamLogon Network Logon mode).



To correct some misunderstandings earlier in this thread:

  "secure channel" = The authentication channel used by domain member 
servers to verify user credentials and have user profiles and user session 
keys returned in response. Establishes a mutual trust based on the 
computer account password.

  "schannel" = Signed and sealed channel available in NT4 SP4 and later.
Mandated for security reasons in authentication using "secure channel" as
"secure channel" alone is not secure (mitm modifying unprotected fields in
the response and similar attacks).


Regards
Henrik



More information about the samba-technical mailing list