Web lists-archives.com

Re: [Samba] freeradius + NTLM + samba AD 4.5.x




On Mon, 2018-03-26 at 13:37 +0100, Rowland Penny via samba wrote:
> 
> 
> Have you ever heard of 'wannacry' ? or to put it another way 'VERY
> insecure'

To be clear, NTLMv1 and wannacry are unrelated.  (Wannacry/wannacrypt
used an SMBv1 exploit, but NTLMv1 is negotiable without SMBv1).

NTLMv1 is quite insecure, in that it was 24 hours and 100 USD of cloud
credit to crack a couple of years back.

Avoiding both is of course still a really good idea.  

SMBv1 isn't so much an insecure protocol as that SMBv2 has the fortune
of being implemented more recently, after coding techniques improved
both in the Samba Team and at Microsoft (and SMBv2 has some good
security features in the more recent versions).  

So, retiring SMBv1 allows us to retire a lot of code that was written
in the 1990's, which is a good thing. 

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba