NTLMSSP in SMB

Andrew Bartlett abartlet at samba.org
Mon Jul 27 06:10:24 UTC 2015


On Sat, 2015-07-25 at 12:25 +0530, Sarat G wrote:
> Hi,
> A few months back, as a part of my project, I have been into SMB and Samba
> code. In my scenario I'm using NTLMv2 for authentication. I read in
> Microsoft specs and everywhere that NTLM hashes are strong enough. Being a
> postgraduate in Information Security, it's easy for me to understand that.
> So, my question is: suppose I want to suggest some things for NTLM,
> whom should I contact?
> Because I have a few things in mind, such as why can't they negotiate hash
> algorithms also in NTLMSSP if they much about the use of weak MD4 in
> NTLMSSP.
> I have worked on this for a month and come up with my suggestions to
> make NTLM much more secure.
> Can someone let me know the point of contact for these kinds of things? If
> the Samba team would like to hear more from me, I'm happy to share my thoughts.
> I'm not sure this is the right platform to ask this question; kindly ignore
> this if you feel it's irrelevant here.
> Thank you.

You are welcome to post your thoughts, but I will warn that the last
substantial improvement to NTLMSSP, being NTLMv2, took about a decade
to take hold.  

A better approach would be tunnelled Kerberos, gaining the security of
Kerberos without needing to know where to find the KDC directly.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba







