Date : Tue, 15 Nov 2011 21:31:50 GMT
From : jgh@... (J.G.Harston)
Subject: Request for Help - Security Research Project
Phil Blundell wrote:
> jgh wrote:
> > You could grab the hash off the wire, but it is of no use to you
> > as it was only valid for the station that had requested it, and
...
> Once you've got that plaintext hash (which, for a given password, will
> always be the same) you just need to ask the server for a new encryption
> key, re-encrypt the hash under your new key, and off you go.
No, the procedure is as follows:
* Client asks server for encryption key (NetFS_Op 66).
* Server supplies encryption key which varies from request to request
* Client encrypts password
* Client makes *I AM or *PASS call with encrypted password, which
due to the changing encryption key varies from request to request
* Server receives encrypted command
- Server checks: if the previous NetFS_Op from this client was
not a request for an encryption key, return an error
- Server checks: if the client took too long to use the encryption
key, return an error
So:
- if the client trying to log on makes another NetFS_Op call
between requesting the encryption key and using it, it fails
- if the client using the encryption key is not the same client as
the one requesting the encryption key, it fails.
- if the client takes too long to use the encryption key, it fails
(I think 2.56 seconds, ie &100 centiseconds)
Seeing the encryption key on the wire is useless as it is only valid
for the client that requested it.
Seeing the encrypted password on the wire is useless as it is only
valid for that particular client-server transaction.
Grabbing both the encryption key and the encrypted password could
possibly let you convert the encrypted password into plain text,
but the encryption is lossy so would result in many different
possible plain texts.
See http://mdfs.net/Docs/Books/SJMDFS/10-076 and
http://mdfs.net/Apps/Networking/NetUtils/EncLogon
--
J.G.Harston - jgh@... - mdfs.net/jgh
Always appeal to a man's enlightened self interest, you can trust
him to look out for himself honestly. It's when you appeal to his
honour or the Common Good that he stops paying attention.
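Added example (not part of the mail above, and not the SJ MDFS or NetFS code): a small simulation of the logon exchange the mail describes, with the server enforcing the three checks it lists. The key-derivation and "encryption" are stand-ins (a random per-request key and an HMAC binding the password hash to that key), chosen only so the checks can be exercised; the real Econet algorithm is not reproduced, and the op labels, the `FileServer` class and the station names are constructed for illustration. The scenarios show why a key or an encrypted password seen on the wire does not help a third station: an unrelated op between the key request and *I AM, use of the key by a different station, or use after the 2.56 s window is rejected before the password is even compared.

```python
import hashlib
import hmac
import os
import time

# Constructed stand-in for the Econet NetFS logon exchange described in the mail.
# The per-request key and the keyed "encryption" below are assumptions for
# illustration only; the real SJ MDFS algorithm is not reproduced here.

OP_GET_KEY = 66        # NetFS_Op 66, per the mail
OP_IAM = "I AM"        # constructed label for the *I AM / *PASS logon call
OP_OTHER = "OTHER"     # any unrelated NetFS_Op

KEY_LIFETIME = 2.56    # seconds; &100 centiseconds per the mail


def password_hash(password: str) -> bytes:
    # Assumed: the client derives a fixed per-password hash (the "plaintext hash").
    return hashlib.sha256(password.encode()).digest()


def encrypt_under_key(hash_bytes: bytes, key: bytes) -> bytes:
    # Assumed stand-in: a keyed MAC binds the hash to the one-time key, so the
    # same password produces a different wire value for every key issued.
    return hmac.new(key, hash_bytes, hashlib.sha256).digest()


class FakeClock:
    """Controllable clock so the timeout check can be exercised deterministically."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class FileServer:
    def __init__(self, users, clock=time.monotonic):
        self.users = {name: password_hash(pw) for name, pw in users.items()}
        self.clock = clock
        self.last_op = {}   # station -> last NetFS_Op seen from it
        self.issued = {}    # station -> (key, issue time) for an unused key

    def handle(self, station, op, payload=None):
        """Process one NetFS_Op from `station`; returns (ok, result)."""
        try:
            if op == OP_GET_KEY:
                key = os.urandom(16)              # varies from request to request
                self.issued[station] = (key, self.clock())
                return True, key
            if op == OP_IAM:
                return self._logon(station, payload)
            return True, "ok"
        finally:
            self.last_op[station] = op            # recorded after every op

    def _logon(self, station, payload):
        user, enc = payload
        # Check 1: the previous op from THIS station must have been a key request.
        # A different station, or an intervening op, fails here.
        if self.last_op.get(station) != OP_GET_KEY or station not in self.issued:
            return False, "no key request immediately before logon"
        key, issued_at = self.issued.pop(station)  # one-time: consumed on use
        # Check 2: the key must be used within its lifetime.
        if self.clock() - issued_at > KEY_LIFETIME:
            return False, "key expired"
        stored = self.users.get(user)
        if stored is None:
            return False, "bad password"
        # Check 3: the wire value must match this station's own key.
        if not hmac.compare_digest(encrypt_under_key(stored, key), enc):
            return False, "bad password"
        return True, "logged on"


def client_logon(server, station, user, password):
    """A well-behaved client: request a key, then immediately use it."""
    _, key = server.handle(station, OP_GET_KEY)
    enc = encrypt_under_key(password_hash(password), key)
    return server.handle(station, OP_IAM, (user, enc))


def run_scenarios():
    """Exercise the checks; returns a dict of scenario -> (ok, message)."""
    clock = FakeClock()
    srv = FileServer({"JGH": "secret"}, clock=clock)   # constructed account
    results = {}
    h = password_hash("secret")

    results["normal"] = client_logon(srv, "A", "JGH", "secret")

    # Unrelated NetFS_Op between the key request and *I AM.
    _, key = srv.handle("A", OP_GET_KEY)
    srv.handle("A", OP_OTHER)
    results["intervening_op"] = srv.handle("A", OP_IAM, ("JGH", encrypt_under_key(h, key)))

    # Key issued to A is presented by station B (seen on the wire).
    _, key_a = srv.handle("A", OP_GET_KEY)
    enc_a = encrypt_under_key(h, key_a)
    results["other_station"] = srv.handle("B", OP_IAM, ("JGH", enc_a))
    # Even if B first asks for its own key, a value made under A's key fails.
    srv.handle("B", OP_GET_KEY)
    results["other_station_own_key"] = srv.handle("B", OP_IAM, ("JGH", enc_a))

    # Key used after the lifetime has passed.
    _, key = srv.handle("A", OP_GET_KEY)
    clock.t += 3.0
    results["too_slow"] = srv.handle("A", OP_IAM, ("JGH", encrypt_under_key(h, key)))

    results["wrong_password"] = client_logon(srv, "A", "JGH", "wrong")
    return results
```

Running `run_scenarios()` shows that only the well-formed exchange logs on; the three server checks reject the other sequences without reference to the password, which is the property the mail is describing.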