[Samba] how safe is "net use" in a batch file? plus some encryption questions

Rowland Penny rpenny at samba.org
Sat Nov 11 19:48:01 UTC 2017


On Sat, 11 Nov 2017 13:32:31 -0600
Andrew Walker <walker.aj325 at gmail.com> wrote:

> I thought "net use" will use NTLM for auth (no clear-text passwords
> passing over the wire). At least that's what I see in Wireshark on
> modern Windows.
> 

If you use NTLMv1, you might as well use plain passwords. Given the
NTLMv1 password, it would take your average badhat about half an hour
to have the plain password.

> 
> Unless your XP systems are air-gapped, it is that bad ;-)
> 
> I know that in some cases it's impractical to upgrade Windows
> versions. For instance, I helped a man once who had a machine shop /
> small business. His CNC mill required Windows 98. Replacing the CNC
> mill would cost over $50,000, which was not practical; however,
> keeping the network air-gapped was practical.

There are cases when using an old OS version is valid, but they are few
and far between; the case above is one of them. In Stefan's case, I am
sure that an upgrade path can be found, and it may prove to be cheaper in
the long run ;-)

Rowland
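
An added example, not part of Rowland's message or of Samba's own code: a small audit of an smb.conf `[global]` section for explicit settings that still permit NTLMv1 or LANMAN authentication. The sample configuration is constructed for the example, and the helper names `parse_global` and `audit_ntlmv1` are hypothetical.

```python
# Constructed sample smb.conf for this example (not taken from the thread).
SAMPLE_SMB_CONF = """
[global]
    workgroup = EXAMPLE
    NTLM Auth = yes
    lanman auth = no
    client ntlmv2 auth = no
[share]
    path = /srv/share
"""

# Common boolean spellings; other spellings are not handled in this sketch.
TRUE_VALUES = {"yes", "true", "1"}
FALSE_VALUES = {"no", "false", "0"}
# "ntlm auth" values that let smbd accept NTLMv1 responses.
NTLMV1_PERMITTED = TRUE_VALUES | {"ntlmv1-permitted"}


def parse_global(conf_text):
    """Return the [global] parameters, keys normalised as smb.conf does
    (parameter names ignore case and whitespace)."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings["".join(key.split()).lower()] = value.strip().lower()
    return settings


def audit_ntlmv1(conf_text):
    """List explicit [global] settings that permit NTLMv1 or LANMAN.
    Unset parameters are not flagged: defaults depend on the Samba version."""
    g = parse_global(conf_text)
    findings = []
    if g.get("ntlmauth") in NTLMV1_PERMITTED:
        findings.append("ntlm auth: server accepts NTLMv1; use 'ntlm auth = ntlmv2-only'")
    if g.get("lanmanauth") in TRUE_VALUES:
        findings.append("lanman auth: server accepts LANMAN; use 'lanman auth = no'")
    if g.get("clientntlmv2auth") in FALSE_VALUES:
        findings.append("client ntlmv2 auth: clients may send NTLMv1; use 'client ntlmv2 auth = yes'")
    return findings


if __name__ == "__main__":
    for finding in audit_ntlmv1(SAMPLE_SMB_CONF):
        print(finding)
```
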


