Public bug reported:
Binary package hint: samba
The smbpasswd facility of Samba currently uses two different hashes for
passwords, lanman and NTLMv2. The lanman hash is *incredibly* insecure:
it is more vulnerable to brute-force attacks than historic Unix crypt()
hashes (lanman consists of an unsalted hash of the upper-case form of
the plaintext password, broken into two groups of 7 chars). It is also
only needed for Win95/98/ME clients, as newer Windows clients use the
NTLMv2 hash.
Samba should support a new smb.conf option to toggle whether lanman
hashes will be generated on password updates, and creation of lanman
hashes should be disabled on Ubuntu by default. This should be
considered a prerequisite to enabling smbpasswd synchronization by
default, due to the security implications.
** Affects: samba (Ubuntu)
Importance: Undecided
Assignee: Steve Langasek (vorlon)
Status: New
--
need option to disable creation of lanman hashes
https://bugs.launchpad.net/bugs/163194
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs