SAMBA digest 1372

Jeremy Allison jallison at whistle.com
Thu Jul 31 16:02:18 GMT 1997


David Allan Finch wrote:

> Has anyone considered modifying the Unix encrypt to use
> the same system as NT. I.e. the encrypted password in the
> /etc/passwd or NIS/NIS+ table is the same for both?

Err. That would be a *really* bad idea. See the l0phtcrack
source for details :-).

Seriously, though. The password hashes used on NT are very
poor. They don't use salt and people are now speculating
on using the Unicode regularity of NT hashes (alternating zero
bytes) to attack that further.

This is the reason I say in ENCRYPT.txt that the smbpasswd
file must be read only for root, no permissions to anyone
else. Oh, and it's also plaintext equivalent, as far as the
smb protocols are concerned. Making it available via NIS/YP
would be bad.

Jeremy Allison.
Samba Team.
-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
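
A check for the permission requirement stated in the message above (smbpasswd readable by root only), as an added example that is not part of the original post or of Samba. The file path is taken as an argument because the message does not give one; the `expected_uid` parameter and the parent-directory check are assumptions of this example.

```python
import os
import stat
import sys


def audit_secret_file(path, expected_uid=0):
    """Return a list of findings; an empty list means the file passes."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]

    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; audit and protect the real file instead"]

    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("is not a regular file")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")

    # "No permissions to anyone else": every group/other bit must be clear.
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode is {mode:04o}; group/other bits set (want 0600)")

    # Assumption of this example: a directory writable by group/other lets
    # the file be replaced even when the file's own mode is correct.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & 0o022:
        findings.append(f"parent directory {parent} is mode {pmode:04o}; "
                        "group/other can write to it")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_smbpasswd.py /path/to/smbpasswd")
    problems = audit_secret_file(sys.argv[1])
    for p in problems:
        print(f"{sys.argv[1]}: {p}")
    sys.exit(1 if problems else 0)
```
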

