Web lists-archives.com

Re: [Samba] How does SMB 3.0 encryption work?




Hi,

A bit late, I was in vacations, but thank you a lot for this detailed
explanation Andrew.

Greetings,

mathias

2017-08-18 22:04 GMT+02:00 Andrew Bartlett <abartlet@xxxxxxxxx>:

> On Fri, 2017-08-18 at 14:57 +0200, mathias dufresne wrote:
> > Hi,
> >
> > This question is interesting and laeds me to another one:
> > As KDC send a ticket to the client when trying to authenticate
> > (something which should decrypted using user's password), is it
> > possible to brute force this initial ticket locally?
>
> Yes.  You can also brute force the ticket given to the server, if the
> server has a weak password (we hope not).
>
> FAST is a Kerberos extension designed to avoid that, by first
> authenticating the workstation to the KDC, and then using a tunnel
> crated with that stronger password for your user ticket exchange.
>
> Samba's Heimdal doesn't support that (modern versions do), but MIT does
> and this is part of the motivation for a move to MIT Kerberos.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba