DES with GnuTLS (was: Re: Samba and legacy Windows support)

Andrew Bartlett abartlet at
Wed Oct 9 22:24:11 UTC 2019

On Tue, 2019-10-08 at 20:34 +0200, Andreas Schneider via samba-
technical wrote:
> Isaac and I will work on migrating the DES code to GnuTLS so that
> SMB1 still 
> works.

Cool!  I looked at the cryptography but never got a chance to prove if
GnuTLS allowed it.  DES-CBC with an all-zero IV seems to be just DES at
a maths level, so if that works we should be able to just use GnuTLS!

Sadly MSCHAPv2 is so well embedded that I don't think we will be rid of
DES or NTLM any time soon, but I certainly hope we can stop carrying
the crypto code for it. 

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT 

More information about the samba-technical mailing list