[cryptography] NTLM Challenge Response is 100% Broken (Yes, this is still relevant)

Jeffrey Walton noloader at gmail.com
Wed Jan 9 13:34:17 EST 2013


On Wed, Jan 9, 2013 at 12:07 AM, yersinia <yersinia.spiros at gmail.com> wrote:
> On Wed, Jan 9, 2013 at 2:17 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>> http://markgamache.blogspot.com/2013/01/ntlm-challenge-response-is-100-broken.html
>>
> Thank you. Beautiful article. Do you know the equivalent Samba
> setting, as a server, for level 5 "Send NTLMv2 response only/refuse
> LM and NTLM"? It is not so clear from the documentation, and these
> days, with Samba 4 out, it could be very interesting to know.
Jeremy Allison of the Samba Security team suggested:

    Default: ntlm auth = yes

    to:

    Default: ntlm auth = no

    in smb.conf.

Jeff
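
A small audit of the setting discussed above, added here as an example; it is not part of the original message and not Samba's own tooling. It reads smb.conf text and reports whether the effective `ntlm auth` value in `[global]` still permits NTLMv1. The function names and sample files are constructed, and the default is a parameter set to the `yes` given in the post.

```python
import re

# "yes" and "no" are the two values named in the post. The longer names are
# the spellings documented in later smb.conf(5) man pages.
ACCEPTS_NTLMV1 = {"yes", "ntlmv1-permitted"}
REFUSES_NTLMV1 = {"no", "ntlmv2-only", "mschapv2-and-ntlmv2-only", "disabled"}

def logical_lines(text):
    """Yield smb.conf lines with backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        yield line

def ntlm_auth_value(text, default="yes"):
    """Return the effective [global] 'ntlm auth' value (last one wins)."""
    value, section = default, "global"  # lines before any header count as global here
    for line in logical_lines(text):
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        name, sep, val = line.partition("=")
        # Samba ignores case and spaces in parameter names.
        if sep and section == "global" and re.sub(r"\s+", "", name).lower() == "ntlmauth":
            value = val.strip().lower()
    return value

def audit(text, default="yes"):
    """Return (verdict, value): FAIL if NTLMv1 is accepted, OK if refused."""
    value = ntlm_auth_value(text, default)
    if value in ACCEPTS_NTLMV1:
        return "FAIL", value
    if value in REFUSES_NTLMV1:
        return "OK", value
    return "REVIEW", value  # unrecognised spelling: check by hand

# Constructed sample files, not taken from a real server.
WEAK = "[global]\n  workgroup = EXAMPLE\n[share]\n  path = /srv/share\n"
HARDENED = "[global]\n  workgroup = EXAMPLE\n  NTLM Auth = No\n[share]\n  path = /srv/share\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, *audit(conf))
```

Files pulled in with `include =` are not followed; `testparm -sv` prints the configuration Samba actually resolves.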
