[Samba] NTLM

Eustáquio Rangel eustaquiorangel at gmail.com
Sat Oct 3 10:23:49 MDT 2009

Hey there!

Can you guys tell me about what's the status of docs of NTLM/NTLMv2
provided by Microsoft?

Let me explain why I need that: we had here a discussion on a local
college about "free x proprietary software", and the Microsoft guy
(always them, right?) told us about a case where he claimed that
Firefox sent one user username and password through the network
without encription.

On the next day I asked the Microsoft guy for some reference about the
case he talked about. He sent me this URL:


I translated it with Google and seems that make some sense:


Trying to resume all the whole stuff, he's complaining that Firefox
automatically decreased the safety level to NTLM (not using NTLMv2),
when used with Windows Vista, without warning the user about that,
sending the username and password as plain text, and for that reason
Firefox is "junk", not IE (oh,boy), who worked on the expected way.

I'll write a post on my blog (http://eustaquiorangel.com, it's
Portuguese but I'm wondering on this case would not be a good idea to
make an English version also) about all this and we'll continue the
discussion on the college on the next, but first I'd like to ask you
about that.

Seems you Samba guys made some reverse engineering over time to deal
with NTLM and after some
years Microsoft released some docs, but I don't know it they are with
enough quality to use and if you are still making reverse engineering
and perhaps living with some patent risk, as I could not find
information enough about the "copyright" of this protocol, which is
the first point I'm planning to talk about on the discussion.


More information about the samba mailing list