Public bug reported:

Binary package hint: samba

The smbpasswd facility of Samba currently uses two different hashes for
passwords, lanman and NTLMv2.  The lanman hash is *incredibly* insecure:
it is more vulnerable to brute-force attacks than historic Unix crypt()
hashes (lanman consists of an unsalted hash of the upper-case form of
the plaintext password, broken into two groups of 7 chars).  It is also
only needed for Win95/98/ME clients, as newer Windows clients use the
NTLMv2 hash.

Samba should support a new smb.conf option to toggle whether lanman
hashes will be generated on password updates, and creation of lanman
hashes should be disabled on Ubuntu by default.  This should be
considered a prerequisite to enabling smbpasswd synchronization by
default, due to the security implications.

** Affects: samba (Ubuntu)
     Importance: Undecided
     Assignee: Steve Langasek (vorlon)
         Status: New

-- 
need option to disable creation of lanman hashes
https://bugs.launchpad.net/bugs/163194
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to