[PATCH] cifs: eliminate CONFIG_CIFS_WEAK_PW_HASH
Andrew Bartlett
abartlet at samba.org
Fri Jan 20 21:03:31 MST 2012
On Fri, 2012-01-20 at 14:45 -0600, Steve French wrote:
> My general thinking on this is as follows:
>
> If the kernel is distributed to all the workstations in an organization
> with this Kconfig option disabled, it makes it harder for individual users
> to make the mistake of enabling lanman (sec=lanman, or the Kconfig
> option) on a public network and thus send weak password hashes
> which could be discovered simply. Most distros make the choice
> of enabling broader compatibility with old pre-1997 servers but
> it is a very small set of servers who would require lanman support,
> and a large number of potential attackers who could benefit if
> users enable lanman on a public network. I suspect that there
> are environments where removing code (via Kconfig) is preferred
> to trusting all owners of all workstations running that organizations
> standard linux to never enable lanman at runtime.
>
> But ... the opinion of security specialists on this would be welcome.
We have been though some of this with the kerberos libs, which now allow
(default?) to not even compile with weak crypto. If the weak crypto is
not compiled in, it can therefore be asserted that the weak crypto
cannot be used, and this makes it easier to comply with security
audits/certification etc.
I don't want to make your code more complex than it needs to be, but LM
encryption really, really needs to go away. If it is not a major
bother, I would like to make it easier for that to happen if possible.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list