List:       samba-technical
Subject:    Re: NTLMSSP in SMB
From:       Andrew Bartlett <abartlet () samba ! org>
Date:       2015-07-27 6:10:24
Message-ID: 1437977424.26882.17.camel () samba ! org

On Sat, 2015-07-25 at 12:25 +0530, Sarat G wrote:
> Hi,
> A few months back, as a part of my project, I have been into SMB and Samba
> code. In my scenario I'm using NTLMv2 for authentication. I read in
> Microsoft specs and everywhere that NTLM hashes are strong enough. Being a
> post graduate in Information Security, it's easy for me to understand that.
> So, here my question is like suppose if I want to suggest some things to
> NTLM, whom should I have to contact.
> Because I have a few things in mind that, why can't they negotiate hash
> algorithms also in NTLMSSP if they much about the use of weak MD4 in
> NTLMSSP.
> I have been working on this for a month, and come up with my suggestions to
> make NTLM much more secure.
> Can someone let me know the point of contact for these kind of things? If
> the Samba team would like to hear more from me, I'm happy to share my
> thoughts.
> I'm not sure this is the right platform to ask this question, kindly ignore
> this if you feel it's irrelevant here.
> Thank You.

You are welcome to post your thoughts, but I will warn that the last
substantial improvement to NTLMSSP, being NTLMv2, took about a decade
to take hold.

A better approach would be tunnelled Kerberos, gaining the security of
Kerberos without needing to know where to find the KDC directly.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba





