[Samba] Is 'sec=ntlmsspi' with 'seal' secure over an untrusted network?
Erik Schulz
erikschulz184 at gmail.com
Wed Sep 6 14:25:42 UTC 2023
Hello,
I'm using a cloud provider's storage solution, which only works with SMB,
with username/password. I assume the best configuration with 'sec=ntlmsspi'
and 'seal'.
But is this secure over an untrusted network? (i.e. to satisfy a strict
security audit)
Microsoft states that "NTLMv2 is a little better, since it variable length
and salted hash, but not that much better" (than NTLMv1).
There's this article that talks about cracking NTLMSSP:
https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
I'm wondering if NTLMSSPI avoids these issues?
Or whether `seal` encrypts the connection, avoiding leaking any information
in the first place? ("The encryption algorithm used is AES-128-CCM"). Or
whether the encrypted connection is established later.
Thanks for any thoughts on this!
Kind regards
Erik
More information about the samba
mailing list