DES with GnuTLS (was: Re: Samba and legacy Windows support)

Andrew Bartlett abartlet at samba.org
Wed Oct 9 22:24:11 UTC 2019


On Tue, 2019-10-08 at 20:34 +0200, Andreas Schneider via samba-
technical wrote:
> 
> Isaac and I will work on migrating the DES code to GnuTLS so that
> SMB1 still 
> works.

Cool!  I looked at the cryptography but never got a chance to prove if
GnuTLS allowed it.  DES-CBC with an all-zero IV seems to be just DES at
a maths level, so if that works we should be able to just use GnuTLS!

Sadly MSCHAPv2 is so well embedded that I don't think we will be rid of
DES or NTLM any time soon, but I certainly hope we can stop carrying
the crypto code for it. 

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba






More information about the samba-technical mailing list