[Samba] How does SMB 3.0 encryption work?

Andrew Bartlett abartlet at samba.org
Mon Aug 14 19:28:22 UTC 2017

On Mon, 2017-08-14 at 06:45 -0400, Daniel Benoy via samba wrote:
> Is it perhaps using your password somehow? Like, if an attacker knew the 
> password that the client is using to connect, would it then be able to 
> MITM and watch all the writes and reads that client performs, but since 
> an attacker is unlikely to know your password already, then they're 
> unable to know the initial symmetric cipher that each side is 
> expecting... or something like that?

This is essentially correct, for NTLM.

For Kerberos, it is the shared secret between the KDC and the file
server, and then the password between you and the KDC.

I'm drastically simplifying and in both cases, session keys are not
directly the password, but things encrypted with the password and

It isn't public key based.

I hope this helps, 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
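
The symmetric chain described above for NTLM, as an added example that is not part of the original post and is not Samba's code: the NTLMv2 session base key (MS-NLMP) is keyed by the password-derived NT hash, and the SMB 3.0 per-direction AES-128-CCM keys are derived from that session key with the SP 800-108 counter-mode KDF (MS-SMB2). It assumes NTLMv2 without negotiated key exchange and the SMB 3.0/3.0.2 dialect, takes the NT hash (MD4 of the UTF-16LE password) as an input because MD4 is often unavailable in `hashlib`, and every input value is constructed.

```python
import hashlib
import hmac
import struct


def ntlmv2_session_base_key(nt_hash, user, domain, server_challenge, client_blob):
    """NTLMv2 session base key; every step is keyed by the password-derived NT hash."""
    response_key = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"),
                            hashlib.md5).digest()
    nt_proof = hmac.new(response_key, server_challenge + client_blob,
                        hashlib.md5).digest()
    return hmac.new(response_key, nt_proof, hashlib.md5).digest()


def smb3_kdf(session_key, label, context):
    """SP 800-108 counter-mode KDF, HMAC-SHA256 PRF, one block, 128-bit output."""
    data = struct.pack(">I", 1) + label + b"\x00" + context + struct.pack(">I", 128)
    return hmac.new(session_key, data, hashlib.sha256).digest()[:16]


def smb30_encryption_keys(session_key):
    """Per-direction keys for SMB 3.0/3.0.2 (SMB 3.1.1 uses other labels and a preauth hash)."""
    label = b"SMB2AESCCM\x00"
    return {
        "client_to_server": smb3_kdf(session_key, label, b"ServerIn \x00"),
        "server_to_client": smb3_kdf(session_key, label, b"ServerOut\x00"),
    }


def demo():
    # Constructed inputs, not taken from a real capture or a real account.
    challenge = bytes.fromhex("0123456789abcdef")
    blob = b"\x01\x01" + bytes(26)            # stand-in for the NTLMv2 client blob
    nt_hash = bytes(range(16))                # stand-in for MD4(UTF-16LE(password))
    other_nt_hash = bytes(range(1, 17))       # a different password's NT hash
    good = smb30_encryption_keys(
        ntlmv2_session_base_key(nt_hash, "alice", "EXAMPLE", challenge, blob))
    other = smb30_encryption_keys(
        ntlmv2_session_base_key(other_nt_hash, "alice", "EXAMPLE", challenge, blob))
    return good, other


if __name__ == "__main__":
    good, other = demo()
    for name, key in good.items():
        print(name, key.hex())
    print("keys differ for a different NT hash:", good != other)
```

No asymmetric operation appears anywhere in the chain, so the confidentiality of the session rests on the secrecy of the password-derived hash.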
