
[no subject]



-----Original Message-----
From: tridge at samba.org [mailto:tridge at samba.org]
Sent: Thursday, June 03, 2004 7:50 AM
To: samba-technical at samba.org
Subject: Re: ADS netlogon crypto challenge - solved!

The challenge has been solved!

Congratulations to Luke Howard from PADL for solving the challenge! Of
course, I feel a little stupid as the solution is just a pair of
chained DES calls, which is extremely similar to the 64 bit case that
we already handled. I did test this possibility, but had a bug in my
test code at the time. Arrgh!

If anyone is interested, I have updated the sesskey.tgz to include the
solution. I will commit the resulting new Samba4 code tomorrow and
soon afterwards I expect to be able to demonstrate our first domain
logons as an ADS domain controller. There is still a long way to go in
making Samba4 a fully functional ADS DC (for example, we do no LDAP
server side stuff at all yet), but this is a big step in the right
direction.

Cheers, Tridge



Denny Chambers wrote:

&gt; Any of you Samba/Crypto guys up to the challenge in your free time?
&gt;
&gt;
&gt; -----Original Message-----
&gt; From: tridge at samba.org [mailto:tridge at samba.org]
&gt; Sent: Wednesday, June 02, 2004 8:00 PM
&gt; To: samba-technical at samba.org
&gt; Subject: ADS netlogon crypto challenge
&gt;
&gt; Anyone feel like a bit of a challenge? Fancy yourself as a
&gt; crypto-geek?
&gt;
&gt; Have a look at <a rel="nofollow" href="http://samba.org/ftp/tridge/misc/sesskey.tgz">http://samba.org/ftp/tridge/misc/sesskey.tgz</a>
&gt;
&gt; This problem is the current stumbling block to Samba4 being an Active
&gt; Directory domain controller. Windows clients can join a Samba4 ADS
&gt; domain, but they can't login as we haven't worked out the algorithm
&gt; shown in the above bit of code.
&gt;
&gt; To try your hand, download the above code and run on an x86 Linux
&gt; machine (sorry, it assumes little-endian, please feel free to fix that
&gt; if you wish). Modify the algorithm until it says &quot;Credential right!&quot;.
&gt;
&gt; A brief moment of fame can be yours!
&gt;
&gt; Cheers, Tridge
&gt;
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00037" href="msg00037.html">[ale] FW: ADS netlogon crypto challenge</a></strong>
<ul><li><em>From:</em> dchambers at bugfixer.net (Denny Chambers)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>