Hi, There is something I've often wondered and I would like to have a definitive answer to.
When doing a network trace of a client connecting to a SMB server (smb1 or above), can the trace be shared publicly without leaking enough password information to make it crackable? I know: - the username and domain are pretty much in clear text (not confidential info, so ok I think) - password is hashed in various ways depending on the security mechanism. - some mechanism have known vulnerabilities that makes the password crackable in a reasonable amount of time. So I guess the question really is which mechanism are known to be safe as of today? And as a side question, which field could just be zero'd out in the trace (while keeping the req/resp packet) prior to publishing it in order to specifically not leak password data? Thanks. Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
