[23372] in bugtraq
Re: iXsecurity.tool.smbproxy.1.0.0
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Mon Dec 3 10:39:15 2001
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz>
Date: Sat, 1 Dec 2001 18:33:19 +0100 (MET)
To: patrik.karlsson@ixsecurity.com
Cc: bugtraq@securityfocus.com
In-Reply-To: <41256AFC.0058DF4E.00@guardianit.se>
Message-ID: <20011201180154.27F.0@bobanek.nowhere.cz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 6 Nov 2001 patrik.karlsson@ixsecurity.com wrote:
> Windows NT/2000 login:
> 1. A=>B: Requests a logon to the server.
> 2. B=>A: N
> 3. A=>B: E(N,H(P))
> The server can check S=D(N,E(N,H(P))) or E(N,S)=E(N,H(P)).
>
> If Eve eavesdrops the login she can get S by D(N,E(N,H(P))).
If this was true, it would be very bad news (or very good news for
certain people). Fortunately (unfortunately), according to my
understanding of the protocol, A's response in step 3 is N encrypted
by DES using H(P) as a *key*, and S = H(P) cannot be computed
given the result of encryption (E(N,H(P))...or E(H(P),N) using a
more common order of arguments) and the nonce (N) easily.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
