
[Samba] How does SMB 3.0 encryption work?

I'm interested in using SMB encryption to connect over untrusted networks. I see that I can enable it in Samba with 'smb encrypt = ...' which is great, and I'm seeing posts from Microsoft (like this one: https://technet.microsoft.com/en-us/library/dn551363(v=ws.11).aspx) bragging about how it can detect man-in-the-middle attacks.

Can anyone point me at the basic details of how it's able to do that?

I understand how it works for TLS, by using a trusted third party to sign the site's public key so you know an attacker has not slipped their key in instead. I know how it works for SSH. You have to manually compare a fingerprint of the public key, and that key will be cached so that you can be warned if it changes. IPsec (among other options) can simply use a pre-shared key that uses a symmetric cipher.

All of these different methods require configuring the client (in one way or another) to prearrange some information that allows it to tell the difference between the real server and an imposter, but I don't see how to do that in my smb.conf, so it makes me wonder whether I'm protected, and Google isn't helping.

Is it perhaps using your password somehow? Like, if an attacker knew the password that the client is using to connect, would it then be able to MITM and watch all the writes and reads that client performs, but since an attacker is unlikely to know your password already, then they're unable to know the initial symmetric cipher that each side is expecting... or something like that?
