Regarding AUTH_CRAP and NTLMv2

Narendra Kumar S.S ssnkumar at gmail.com
Mon Jan 17 05:38:17 MST 2011


Hello Volker and Andrew,

    Thanks for the detailed clarifications.
    That really helps.

Warm Regards,
Narendra

Visit my blogs at:
http://ssnarendrakumar.blogspot.com/


On Mon, Jan 17, 2011 at 5:42 PM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:

> On Mon, Jan 17, 2011 at 05:20:28PM +0530, Narendra Kumar S.S wrote:
> > I didn't tell you what I am trying to achieve out of this.
> > I am trying to write a simple application, which can sign a given SMB
> > packet.
> > I use tcpdump/wireshark to capture all the network traffic and take out the
> > smb packet for which I need to check the signature.
> > Since I have the complete trace, I know the sequence number of the packet.
> > The only thing that I don't know is the session key.
> > For NTLMv1, I am able to calculate the session key using AUTH_CRAP message
> > to winbind.
> > But, for NTLMv2, this is not working.
> > But, for NTLMv2, this is not working.
>
> And this is by design. What you want to achieve is
> cryptographically not possible. No chance. There is just not
> enough information in the wire traffic to do what you want.
> This is one important reason that NTLMv2 is regarded more
> secure than older authentication protocols: These MITM
> attacks have been made impossible.
>
> With best regards,
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
>
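
The following added example (not code from this thread or from Samba) shows which inputs the NTLMv2 session base key depends on, following the NTLMv2 computation in MS-NLMP: the server challenge and the NT response are visible in a capture, while the account's NT hash is not. All function names and sample values are constructed for illustration, and the blob is a simplified stand-in for a real NTLMv2 client blob.

```python
import hashlib
import hmac

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    # Keyed by the NT hash: the one input that never crosses the wire.
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def make_nt_response(nt_hash, user, domain, server_challenge, blob):
    # Client side: NTProofStr (16 bytes) followed by the blob it covers.
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def session_base_key(nt_hash, user, domain, server_challenge, nt_response):
    # Verifier side: returns the 16-byte session base key, or None when the
    # response was not produced with this NT hash.
    if len(server_challenge) != 8 or len(nt_response) <= 16:
        raise ValueError("malformed challenge or NTLMv2 response")
    proof, blob = nt_response[:16], nt_response[16:]
    key = ntowf_v2(nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    if not hmac.compare_digest(expected, proof):
        return None
    return hmac.new(key, proof, hashlib.md5).digest()

# Constructed sample values (not taken from any real capture).
USER, DOMAIN = "alice", "EXAMPLE"
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_HASH = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
BLOB = (b"\x01\x01" + bytes(6) + bytes(8)      # version, reserved, timestamp
        + bytes.fromhex("aa" * 8) + bytes(8))  # client challenge, reserved + empty target info

# What a capture would contain: the challenge and this response.
WIRE_RESPONSE = make_nt_response(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, BLOB)

if __name__ == "__main__":
    good = session_base_key(NT_HASH, USER, DOMAIN, SERVER_CHALLENGE, WIRE_RESPONSE)
    bad = session_base_key(OTHER_HASH, USER, DOMAIN, SERVER_CHALLENGE, WIRE_RESPONSE)
    print("with the account's NT hash:", good.hex())
    print("with a different NT hash:  ", bad)
```
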

