[Samba] Exclamation point (!) in password

L.P.H. van Belle belle at bazuin.nl
Thu Oct 7 14:14:52 UTC 2021 

Yes, what you showed on that cartoon is correct.. 
But still, I dont agree on statement (anymore, i use to also but..)  

A record was set for a computer trying to generate every conceivable password. 
It achieved a rate faster than 100,000,000,000 guesses per second.

Quantum computer are getting way way smaller..
https://newatlas.com/quantum-computing/quantum-computing-desktop-room-temperature/ 
It's not there yet, but its getting close.. 

So yeah, i do recommend everyone to use a long password as shown in that cartoon
But with complexity, because yeah, it was fairly nonsensical, with only 8 chars.. 
I recommend minimal 18 in length. 

This is why for example a bitcoin wallet has 12/24 words to unlock it. 


If its a bug then its a bug.. and this smells to me like a bug. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico 
> Kadel-Garcia via samba
> Verzonden: donderdag 7 oktober 2021 14:32
> Aan: Tobias Kirchhofer
> CC: sambalist
> Onderwerp: Re: [Samba] Exclamation point (!) in password
> 
> On Thu, Oct 7, 2021 at 7:36 AM Tobias Kirchhofer via samba
> <samba at lists.samba.org> wrote:
> >
> > Hi,
> >
> > recently we updated our Samba AD and Samba fileserver to 
> 4.15.0-SerNet-RedHat-4.el8 and discovered a problem with a 
> user wanted to connect to a samba share from a current macOS. 
> The user has a exclamation point (!) at the very end of the 
> password string. Samba disagrees with that and replies with 
> an authentication error.
> >
> > Testwise we changed the ‚!‘ to the penultimate character 
> and the logon works again.
> 
> If the "!' is in automatic scripting, rather than manual logging in,
> it may be your scripts interpreting it as syntactic sugar. If it's
> showing up even in manual logging in, then that *does* sound like a
> bug in Samba!
> 
> I will point out that the "Gotta put in special characters"
> requirement is fairly nonsensical, based on some ancient guidelines
> when password length was restricted to only 8 characters or so and
> dictionary attacks were easy. But these days, training every piece of
> password managing software in the world to correctly handle Unicode
> and syntactic sugar like $, !, #, ;, :, /, and @ is an incredible pain
> in the keister., much more easily and robustly handled by using longer
> passwords or passphrases without these problematic requirements.
> 
> See the old XKCD cartoon for mockery about just how silly it got.
> 
>     https://xkcd.com/936/
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list