Regarding AUTH_CRAP and NTLMv2

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Jan 17 05:12:36 MST 2011


On Mon, Jan 17, 2011 at 05:20:28PM +0530, Narendra Kumar S.S wrote:
> I didn't tell you what I am trying to achieve out of this.
> I am trying to write a simple application, which can sign a given SMB
> packet.
> I use tcpdump/wireshark to capture all the network traffic and take out the
> SMB packet for which I need to check the signature.
> Since I have the complete trace, I know the sequence number of the packet.
> The only thing that I don't know is the session key.
> For NTLMv1, I am able to calculate the session key using AUTH_CRAP message
> to winbind.
> But, for NTLMv2, this is not working.

And this is by design. What you want to achieve is
cryptographically not possible. No chance. There is just not
enough information in the wire traffic to do what you want.
This is one important reason that NTLMv2 is regarded as more
secure than older authentication protocols: these MITM
attacks have been made impossible.

With best regards,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
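
The following is an added example, not code from Volker, Samba or winbind. It implements the NTLMv1 and NTLMv2 session base key derivations exactly as MS-NLMP specifies them (NTOWFv1, NTOWFv2, NTProofStr, SessionBaseKey) to make the difference behind the reply above concrete: the NTLMv1 session base key is MD4(NT hash), the same value for every session a user opens, while the NTLMv2 session base key is an HMAC over NTProofStr, so it changes with every authentication and is a function of the NTOWFv2 secret, which never appears on the wire. The password, user, domain, challenges, timestamps and AV_PAIR target info are constructed values for the demonstration; the example stops at the session base key and does not model the later NTLMSSP key exchange or the SMB signing step itself. MD4 is implemented in pure Python because OpenSSL 3 based hashlib builds frequently refuse hashlib.new('md4').

```python
"""NTLMv1 vs NTLMv2 session base key derivation following MS-NLMP.

Added example; not Samba or winbind code. Demonstrates that the NTLMv1
session base key is a fixed function of the NT hash, while the NTLMv2 one
depends on per-authentication data and on NTOWFv2, a secret not on the wire.
"""
import hashlib
import hmac
import struct


def _lrot(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); many OpenSSL 3 builds drop it from hashlib."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k_add, order, shifts in rounds:
            for i, k in enumerate(order):
                a = _lrot((a + fn(b, c, d) + X[k] + k_add) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c  # next step updates the next register
        a, b, c, d = ((a + aa) & 0xFFFFFFFF, (b + bb) & 0xFFFFFFFF,
                      (c + cc) & 0xFFFFFFFF, (d + dd) & 0xFFFFFFFF)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def ntlmv1_session_base_key(nt: bytes) -> bytes:
    """MS-NLMP: SessionBaseKey = MD4(NTOWFv1). Constant for a given password."""
    return md4(nt)


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2 = HMAC_MD5(NT hash, UTF-16LE(upper(user) + domain))."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_authenticate(nt, user, domain, server_challenge, client_challenge, timestamp, target_info):
    """Client side: returns (NtChallengeResponse, SessionBaseKey) per MS-NLMP 3.3.2."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    key = ntowf_v2(nt, user, domain)
    nt_proof = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    session_base_key = hmac.new(key, nt_proof, hashlib.md5).digest()
    return nt_proof + temp, session_base_key


def ntlmv2_verify(nt, user, domain, server_challenge, nt_challenge_response):
    """Verifier side (what a DC does): needs the NT hash, yields the key or None."""
    key = ntowf_v2(nt, user, domain)
    nt_proof, temp = nt_challenge_response[:16], nt_challenge_response[16:]
    expected = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    if not hmac.compare_digest(expected, nt_proof):
        return None
    return hmac.new(key, nt_proof, hashlib.md5).digest()


def demo():
    """Two logons by one user; all values below are constructed for the example."""
    nt = nt_hash("password")
    user, domain = "narendra", "EXAMPLE"
    # AV_PAIR list: MsvAvNbDomainName(2) len 14 "EXAMPLE", then MsvAvEOL.
    target_info = b"\x02\x00\x0e\x00" + domain.encode("utf-16-le") + b"\x00" * 4
    server_chal = bytes.fromhex("0123456789abcdef")
    sessions = []
    for client_chal, ts in ((b"\x11" * 8, 132000000000000000),
                            (b"\x22" * 8, 132000000010000000)):
        sessions.append(ntlmv2_authenticate(nt, user, domain, server_chal,
                                            client_chal, ts, target_info))
    (resp1, key1), (resp2, key2) = sessions
    return {
        "v1_key_session1": ntlmv1_session_base_key(nt),  # identical every time
        "v1_key_session2": ntlmv1_session_base_key(nt),
        "v2_key_session1": key1,                          # differs per logon
        "v2_key_session2": key2,
        "verify_ok": ntlmv2_verify(nt, user, domain, server_chal, resp1) == key1,
        "verify_wrong_hash": ntlmv2_verify(nt_hash("Password"), user, domain, server_chal, resp1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Run it and compare the two v1 keys with the two v2 keys: the v1 pair is identical, so recovering it once (for instance by having winbind validate a captured NTLMv1 response) signs every past and future session of that user, whereas the v2 pair differs and is only reproducible by a party holding the NT hash, which is what ntlmv2_verify makes explicit by returning None for the wrong hash.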

