DES with GnuTLS (was: Re: Samba and legacy Windows support)
Andrew Bartlett
abartlet at samba.org
Wed Oct 9 22:24:11 UTC 2019
On Tue, 2019-10-08 at 20:34 +0200, Andreas Schneider via samba-
technical wrote:
>
> Isaac and I will work on migrating the DES code to GnuTLS so that
> SMB1 still
> works.
Cool! I looked at the cryptography but never got a chance to prove if
GnuTLS allowed it. DES-CBC with an all-zero IV seems to be just DES at
a maths level, so if that works we should be able to just use GnuTLS!
Sadly MSCHAPv2 is so well embedded that I don't think we will be rid of
DES or NTLM any time soon, but I certainly hope we can stop carrying
the crypto code for it.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list