Bugtraq: Re: iXsecurity.tool.smbproxy.1.0.0

["Pavel Kankovsky" <peak () argo troja mff cuni cz>]

On Tue, 6 Nov 2001 patrik.karlsson () ixsecurity com wrote:

> Windows NT/2000 login:
> 1. A=>B: Requests a logon to the server.
> 2. B=>A: N
> 3. A=>B: E(N,H(P))
> The server can check S=D(N,E(N,H(P))) or E(N,S)=E(N,H(P)).
>
> If Eve eavesdrops the login she can get S by D(N,E(N,H(P))).
If this was true, it would be very bad news (or very good news for
certain people). Fortunately (unfortunately), according to my
understanding of the protocol, A's response in step 3 is N encrypted
by DES using H(P) as a *key*, and S = H(P) cannot be computed
given the result of encryption (E(N,H(P))...or E(H(P),N) using a
more common order of arguments) and the nonce (N) easily.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."