Re: R: Do not use stock RedHat 6.0 kernels with SMBFS! [OFF-TOPIC]

Michael H. Warfield (mhw@wittsend.com)
Fri, 11 Jun 1999 07:58:29 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Patrick Lerda: "[PPC] ext2 filesytem corruption on linux 2.2.9 PowerPC"
Previous message: Riley Williams: "Re: Profanity in the Linux Kernel?!?!?"

A. Wik enscribed thusly:
> On Thu, 10 Jun 1999, Steve Dodd wrote:

> > On Thu, Jun 10, 1999 at 06:48:30PM +0000, A. Wik wrote:

> > > Besides, unless public-key
> > > cryptography is used, passwords have to be stored in plain-text (or
> > > another sensitive format) on disk if they are to be encrypted on the
> > > network.

> > Rubbish. Store a secure one-way hash of the password. The problem is just
> > in choosing a secure algorithm.

> No, the one-way hashes are still sensitive (more so than a shadow file).

And what exactly do you think is stored in the shadow file?

Clue alert: They are one-way hashes! It uses either a DES based
hash with the password as the key to encrypt a known value or using MD5!
The only additional security with the shadow file is that it is readable
only by root, and that's actually one thing that Windows NT does BETTER.
On Window NT, the SAM database is actually open and locked by the operating
system and is not directly readable by ANYONE (not even the administrators)
while the OS is booted. That means crack the OS, physical access to reboot,
or brute force. With the shadow password, you only have to break root.
Then you have full access.

BTW... NTLM hashes (as opposed to LanMan hashes) are just as hard
to crack as the MD5 hashes in the shadow password file and a hell of a lot
harder to crack than the DES based hashes. Things like L0phtCrack for
cracking NT passwords depends on getting at the LanMan hashes which are
much easier to bust (lame comes to mind there).

There are "other techniques" which are not in general circulation
for busting certain password attributes off the wire with SMB protocols
but nothing that's inherent with one-way hashes in general.

Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Patrick Lerda: "[PPC] ext2 filesytem corruption on linux 2.2.9 PowerPC"
Previous message: Riley Williams: "Re: Profanity in the Linux Kernel?!?!?"