However, the LM/NT schemes are better from the point of
view of network security because of the use of challenge/response.
One of the obstacles to acceptance of CHAP PPP authentication in a
unique environment is that the server would need access to the
plaintext password, at least if we're dealing with a standard UNIX
crypt(3)'d password.
NT solves this by using a challenge/response system on top of
initial hashing. Of course nothing is stopping people from doing
this in Linux-based PPP clients/daemons.
If somebody gets hold of either the smbpasswd or the /etc/shadow
file, then I wouldn't place bets on all users using uncrackable passwords.
One of my passwords [now superseded!] was a strange foreign word,
but it was found by a cracking program. A chain is as strong as its weakest
link.
-----Original Message-----
From: Ted Powell
To: R Garth Wood; Alan Hodgson
Cc: Vancouver Linux Users Group
Date: September 28, 1998 1:26 PM
Subject: Re: samba and encrypted passwords
>On Mon, Sep 28, 1998 at 02:58:11PM -0400, R Garth Wood wrote:
>> [...]
>> Samba should be able to read the unix file and generate
>> the NT encrypted one w/o having two files.
>
>Neither the LanManager nor the Windows NT style 16 bit hashed versions
>of the user's password (which are stored in the Samba password file) are
>compatible with the UNIX hash of the user's password.
>
>So, to implement this suggestion, it would be necessary for Samba to
>crack the Unix hash of the password--which, btw, is said to be more
>secure than either of the other two--and then rehash it in the
>LanManager and Windows NT styles.
>
>--
>http://psg.com/~ted/ (Ted Powell)
>If your hard drive crashes, perhaps you have a recent backup. If Earth
>crashes, what then? We need off-site backup: Luna, L5, Mars, wherever.
>
>
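An added example, not part of either message in this thread: it contrasts RFC 1994 CHAP, where the verifier must hold the plaintext secret, with a challenge/response keyed on a stored hash, as the reply describes for NT. PBKDF2, SHA-256 and HMAC are stand-ins assumed here for crypt(3), the NT hash and the NT response function, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def salted_unix_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for a crypt(3) entry: salted and one-way (not real crypt)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1000)

def unsalted_hash(password: bytes) -> bytes:
    """Stand-in for an smbpasswd-style entry: unsalted hash of the password."""
    return hashlib.sha256(password).digest()

def hash_keyed_response(stored: bytes, challenge: bytes) -> bytes:
    """Challenge/response keyed on the stored hash (HMAC here, DES in NT)."""
    return hmac.new(stored, challenge, hashlib.sha256).digest()

def demo() -> dict:
    password = b"strange-foreign-word"      # constructed sample password
    challenge, salt = os.urandom(16), os.urandom(8)

    # CHAP: the client answers from the plaintext secret.
    client = chap_response(1, password, challenge)
    # A server holding the plaintext can recompute the answer...
    with_plain = hmac.compare_digest(client, chap_response(1, password, challenge))
    # ...a server holding only the salted one-way hash cannot.
    shadow_entry = salted_unix_hash(password, salt)
    with_shadow = hmac.compare_digest(client, chap_response(1, shadow_entry, challenge))

    # Hash-keyed scheme: the client hashes first, then answers the challenge.
    db_entry = unsalted_hash(password)       # all the server stores
    answer = hash_keyed_response(unsalted_hash(password), challenge)
    with_hash = hmac.compare_digest(answer, hash_keyed_response(db_entry, challenge))
    wrong = hash_keyed_response(unsalted_hash(b"guess"), challenge)
    rejects_wrong = not hmac.compare_digest(wrong, hash_keyed_response(db_entry, challenge))
    # The stored entry is the protocol key, so the file holding it needs the
    # same protection as a plaintext password list.
    return {"chap_with_plaintext": with_plain, "chap_with_salted_hash": with_shadow,
            "hash_keyed_with_stored_hash": with_hash, "rejects_wrong_password": rejects_wrong}

if __name__ == "__main__":
    print(demo())
```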