Aurelien, Thanks for reaching out for this interesting question. What protocol family are you investigating?
Regards, Edgar -----Original Message----- From: Jeff McCashland Sent: Thursday, October 4, 2018 8:26 AM To: Aurélien Aptel <aap...@suse.com>; cifs-protocol@lists.samba.org Cc: MSSolve Case Email <casem...@microsoft.com> Subject: [REG:118100419158690] sharing network traces and password hashes [DocHelp to BCC, casemail on CC, SR ID on Subject] Hello Aurélien, Thank you for your question. We have created SR 118100419158690 to track this issue. One of our engineers will respond soon to assist you. Best regards, Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=02%7C01%7Cedgaro%40microsoft.com%7C54cf8b1a92c444cb285b08d629fd0078%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636742563943276521&sdata=CTJVqWPe9rUr%2B0UpQ7Ur5w74OHyOXZ8jnva2iU2m3a8%3D&reserved=0 | Extension 1138300 We value your feedback. My manager is Rama Ganesan (ramagane), +1 (425) 703-8712 -----Original Message----- From: Aurélien Aptel <aap...@suse.com> Sent: Thursday, October 04, 2018 1:00 AM To: Interoperability Documentation Help <doch...@microsoft.com>; cifs-protocol@lists.samba.org Subject: sharing network traces and password hashes Hi, There is something I've often wondered and I would like to have a definitive answer to. When doing a network trace of a client connecting to a SMB server (smb1 or above), can the trace be shared publicly without leaking enough password information to make it crackable? I know: - the username and domain are pretty much in clear text (not confidential info, so ok I think) - password is hashed in various ways depending on the security mechanism. - some mechanism have known vulnerabilities that makes the password crackable in a reasonable amount of time. So I guess the question really is which mechanism are known to be safe as of today? And as a side question, which field could just be zero'd out in the trace (while keeping the req/resp packet) prior to publishing it in order to specifically not leak password data? Thanks. Cheers, -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol
