Web lists-archives.com

Re: [Samba] how safe is "net use" in a batch file? plus some encryption questions




Am 2017-11-11 um 13:36 schrieb Rowland Penny:

> As far as I am aware, 'net use' sends the password unencrypted, so if
> someone is trying to 'sniff' the password, they will get it, but then
> if the password is stored in the bat file unencrypted and anybody can
> read the bat file, they wont need to 'sniff' the password.

Yes, we know ;-)

The thin client with the batch file is physically far away from the
server which is in a protected rack inside a closed basement.

I think I will try to wireshark such a session. Just to learn.

> You can make XP use NTLMv2, see here:
> 
> https://www.imss.caltech.edu/node/396

Great, I will test that on monday. thanks.

> I don't know who your customer is, but they really should find a more
> up to date way of doing things.

That's why we talk and discuss these issues.

> Cannot help you with encryption, I don't use it. However I feel that I
> should point out that the rest of the system seems to be so insecure,
> that if a badhat does get in, they will problem get the encryption keys
> as well.

oh, come on, it's not that bad ;-)
greets, Stefan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba