[Samba] how safe is "net use" in a batch file? plus some encryption questions
Stefan G. Weichinger
lists at xunil.at
Sat Nov 11 18:26:21 UTC 2017
Am 2017-11-11 um 13:36 schrieb Rowland Penny:
> As far as I am aware, 'net use' sends the password unencrypted, so if
> someone is trying to 'sniff' the password, they will get it, but then
> if the password is stored in the bat file unencrypted and anybody can
> read the bat file, they wont need to 'sniff' the password.
Yes, we know ;-)
The thin client with the batch file is physically far away from the
server which is in a protected rack inside a closed basement.
I think I will try to wireshark such a session. Just to learn.
> You can make XP use NTLMv2, see here:
>
> https://www.imss.caltech.edu/node/396
Great, I will test that on monday. thanks.
> I don't know who your customer is, but they really should find a more
> up to date way of doing things.
That's why we talk and discuss these issues.
> Cannot help you with encryption, I don't use it. However I feel that I
> should point out that the rest of the system seems to be so insecure,
> that if a badhat does get in, they will problem get the encryption keys
> as well.
oh, come on, it's not that bad ;-)
greets, Stefan
More information about the samba
mailing list