Re: Security

[Kaz Kylheku]

In article <address@hidden>, Mike Castle wrote:
>On Sun, Sep 16, 2001 at 08:37:26PM -0400, Stevie O wrote:
>> The method I suggestion is no stronger than pserver is; it simply makes it 
>> harder for someone to sniff the password off the network (which is 
>
>Harder how?
>
>I don't have to decrypt your DES encrypted password.
>
>I just have to use my hacked cvs client to take your DES encrypted password
>from the command line and use it directly.
>
>It gains nothing.
>
>This is what MS added to SMB.  And it didn't gain them anything either.

You mean NTLM authentication? It's used for things other than SMB.
Microsoft Exchange can, for instance, NTLM authenticate with extensions to
IMAP for doing so.  Microsoft IIS can also force NTLM authentication of
pages. This authentication scheme pops up in a few places. Anything that
wants to authenticate against an NT domain needs to support it.

It's crackable, but it's *not* as easy as simply fleecing passwords
from the network.  You cannot just decrypt the passwords; they are not
encrypted but rather subject to a one-way hash.

The idea is that the server that wishes to authenticate you sends you
some random bits.  To prove that you know the password, you scramble those
random bits using a one-way hashing function that mixes in the password,
then send it back to the server. Or something along those lines.

Whatever you send back is only good for *that choice* of the server's
random bits, so the response cannot just be replayed by an impostor
to fool the server into authenticating.

Of course, an eavesdropper can see the server's random bits, as well as
your response. Thus having the input and output of the hashing function,
he can apply a dictionary attack (at the very least).  Because this
kind of attack is possible, only a fool (e.g. Microsoft) would use this
kind of authentication scheme over plaintext channel.   Reasonably
designed security products for Windows perform this authentication only
after establishing an encrypted channel.