Roeland M.J. Meyer
rmeyer at mhsc.com
Wed Dec 24 18:52:38 GMT 1997
At 22:00 24-12-97 +1100, Luke Kenneth Casson Leighton wrote:
>At 21:21 24-12-97 +1100, F. G. P. wrote:
>>I think taking the encrypted password from /etc/passwd or /etc/shadow and
>>using it as nt-password is impossible, because linux/unix uses a one-way
>>hash function to encrypt passwords, therefore it (should?) not be possible
>>to get the plaintext-password out of the /etc/passwd or /etc/shadow file.
>>Passwords on an nt-server are also encrypted (I hope so!!), but I believe
>>microsoft uses a reversible encryption.
>>This means, transforming an unix-password into an nt-password with only
>>knowing the encrypted text from /etc/passwd or /etc/shadow would actually
>>mean decrypting the password - which should be impossible for today's
>>The reverse transformation, from an nt-encrypted password to an
>>unix-password should be possible - but I don't know any program which
>>would do this
>if (strequal(unixcrypt(lmcrypt(foo)), getunixlmpasswd(lkcl)))
Regardless of how it's done, it'll take too many CPU cycles to do, for a
production machine. Basically, what is asked for is a crack process on the
SMB passwd, to be run each time the passwd changes. Even if it is strictly
limited to passwd change events, consider the CPU cycles involved when
doing the initial passwd-crack run for a 1000-user database. Yes, it's
certainly do-able, on a short-run basis, but it can not happen in
zero-time. Even using the DBM approach I mentioned earlier, the DBM space
required will be measured in the 10's of GB, or larger (I haven't actually
run the exact calculations).
>about the only way i can think of that would get around this one is to
>modify the unix login system to go _via_ the 16 byte lm hash:
This is certainly unacceptable. As was pointed out earlier, the SMB passwd
is definitely crackable.
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: mailto:rmeyer at mhsc.com
Personal web pages: http://www.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com/
"The FBI doesn't want to read encrypted documents,
they want to read YOUR encrypted documents."