[Samba] security consideration

Stephen Carville stephen at totalflood.com
Thu Feb 21 15:32:41 GMT 2002


On Fri, 22 Feb 2002, Andrew Bartlett wrote:

- "Ilia E. Chipitsine" wrote:
- >
- > Dear Sirs,
- >
- > is there any program like 'crack-5' in order to break smbpasswd ?

John the Ripper.  The best cracker I've used so far.

- > what is stronger:
- >
- > 1) MD5 passwords ? (I'm using FreeBSD)
-
- Probably
-
- > 2) DES passwords ?
-
- weak, but if salted it's not cleartext equiv
-
- > 3) Kerberos 5 ?
-
- Depends on enc types used, cleartext equiv
-
- > 4) smbpasswd ?
-
- Very weak, cleartext equiv.
-
- The LM hash in smbpasswd is very weak, and I'm told it can be 'broken'
- in rather short order.

While testing JtR on a 1 GHz Pentium III with 256 Meg RAM, I
cracked an entire NT password database (150 username password
combinations) in 16 days.  This included four or five of those long,
apparently random passwords generated for systems accounts and 10
purely random eight letter passwords inserted just for the test.
Theoretically JtR on that machine could exhaust the entire LANMAN
hash password space in about 30 days.

In a similar test done earlier on a different file using a 450 MHz PIII
with 512 Meg of RAM it took 28 days to crack the entire NT password
file.

Security-wise the LANMAN hash is really awful.

- But none of the above is relevant unless the passwords are not in the
- dictionary!

Amen to that!  Even with MD5 encrypted passwords from a Linux shadow
file, dictionary searches only take a few minutes.

-- 
-- Stephen Carville
UNIX and Network Administrator
DPSI (formerly Ace USA Flood Services)
310-342-3602
stephen at totalflood.com
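
An added example, not part of the original post: an audit of which smbpasswd entries still carry a LANMAN hash. LM hashing uppercases the password and hashes two 7-character halves independently, so a stored LM value is the weak link discussed above, and a second half equal to the empty-half constant shows the password is 7 characters or fewer. Assumptions: the colon-separated smbpasswd(5) field layout, hypothetical function names, and constructed sample hashes.

```python
import re

# LM hash of an empty 7-character half: DES of "KGS!@#$%" under an all-zero key.
EMPTY_LM_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"[0-9A-F]{32}")

# Constructed sample in smbpasswd(5) layout; every hash value here is made up.
NT = "0F1E2D3C4B5A69788796A5B4C3D2E1F0"
X32 = "X" * 32
NULLPW = "NO PASSWORD" + "X" * 21
FLAGS = "[U          ]:LCT-3C750000:"
SAMPLE = f"""\
# user:uid:LM hash:NT hash:[flags]:LCT-time:
alice:1001:1122334455667788A1B2C3D4E5F60718:{NT}:{FLAGS}
bob:1002:99AABBCCDDEEFF00{EMPTY_LM_HALF}:{NT}:{FLAGS}
carol:1003:{X32}:{NT}:{FLAGS}
guest:1004:{NULLPW}:{NULLPW}:[NU         ]:LCT-00000000:
svc:1005:{EMPTY_LM_HALF * 2}:{NT}:{FLAGS}
"""

def classify_lm(lm_field):
    """Classify the LM field (third column) of one smbpasswd entry."""
    lm = lm_field.upper()
    if lm.startswith("NO PASSWORD"):
        return "null-password"              # account has no password at all
    if not HEX32.fullmatch(lm):
        return "lm-not-stored"              # X-filled placeholder, no LM hash
    if lm == EMPTY_LM_HALF * 2:
        return "lm-empty-value"             # LM hash of the empty string
    if lm[16:] == EMPTY_LM_HALF:
        return "lm-stored-7-chars-or-fewer" # second half is empty padding
    return "lm-stored"                      # full LM hash present

def audit_smbpasswd(text):
    """Return {username: verdict} for every entry in smbpasswd-format text."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue                        # skip malformed lines
        findings[fields[0]] = classify_lm(fields[2])
    return findings

if __name__ == "__main__":
    for user, verdict in audit_smbpasswd(SAMPLE).items():
        print(f"{user:8} {verdict}")
```

Entries reported as `lm-stored` or `lm-stored-7-chars-or-fewer` are the ones to prioritise for a password change once LM hash storage has been turned off.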




