[Samba] How does SMB 3.0 encryption work?

mathias dufresne infractory at gmail.com
Thu Aug 24 09:14:19 UTC 2017


Hi,

A bit late, I was on vacation, but thank you a lot for this detailed
explanation, Andrew.

Greetings,

mathias

2017-08-18 22:04 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:

> On Fri, 2017-08-18 at 14:57 +0200, mathias dufresne wrote:
> > Hi,
> >
> > This question is interesting and leads me to another one:
> > As the KDC sends a ticket to the client when trying to authenticate
> > (something which should be decrypted using the user's password), is it
> > possible to brute force this initial ticket locally?
>
> Yes.  You can also brute force the ticket given to the server, if the
> server has a weak password (we hope not).
>
> FAST is a Kerberos extension designed to avoid that, by first
> authenticating the workstation to the KDC, and then using a tunnel
> created with that stronger password for your user ticket exchange.
>
> Samba's Heimdal doesn't support that (modern versions do), but MIT does
> and this is part of the motivation for a move to MIT Kerberos.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>

