On Wed, 2008-02-27 at 12:46 +0300, Andrey Panin wrote:
Actually there are 4 authentication submethods inside NTLM:
LM - server nonce only, highly vulnerable to MITM and rogue server attacks;
NTLM - different algorithm, almost equally vulnerable as LM today;
NTLM2 - server and client nonce, but MITM can force downgrade to NTLM/LM;
NTLMv2 - server and client nonce, MITM can't force downgrade.
NTLM password hash is required for NTLM, NTLM2 and NTLMv2.
NTLMv2 cannot be negotiated. It must be explicitly enabled on the client side by setting the registry key below to at least 3.
So this basically means that unless NTLMv2 is explicitly enabled on the client side, NTLM auth is insecure because a MITM can force a downgrade?
Would there be a point in adding a setting to make Dovecot allow only NTLM2/NTLMv2, so a MITM-downgrade would only fail the authentication? For example mechanisms = NTLM enables NTLM2+v2 and mechanisms = NTLM NTLM1 enables both?
BTW, I hope you don't mind that I added your mail to the wiki with small modifications: http://wiki.dovecot.org/Authentication/Mechanisms/NTLM
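
The check proposed above, sketched as an added example that is not part of the original mail and is not Dovecot's code: a server-side classifier that names the submethod behind an NTLMSSP Type 3 response and refuses LM/NTLM unless explicitly allowed. The function names, the allow_v1 parameter (standing in for the suggested NTLM1 setting) and the sample messages are assumptions made for illustration.

```python
import struct

NTLMSSP_NEGOTIATE_NTLM2 = 0x00080000  # "NTLM2" / extended session security flag

def _secbuf(msg, off):
    # Security buffer: uint16 length, uint16 allocated size, uint32 offset (little-endian).
    length, _alloc, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def classify_type3(msg, negotiated_flags):
    """Name the submethod used by an NTLMSSP Type 3 (authenticate) message.

    negotiated_flags: the flags the server itself sent in its Type 2 challenge.
    """
    if len(msg) < 28 or msg[:8] != b"NTLMSSP\0" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLMSSP Type 3 message")
    lm, nt = _secbuf(msg, 12), _secbuf(msg, 20)
    if len(nt) > 24:
        return "NTLMv2"  # 16-byte HMAC-MD5 followed by the client blob
    if len(nt) == 24:
        # NTLM2: the LM field holds an 8-byte client nonce padded with 16 zero bytes.
        if (negotiated_flags & NTLMSSP_NEGOTIATE_NTLM2 and len(lm) == 24
                and lm[8:] == bytes(16)):
            return "NTLM2"
        return "NTLM"
    if len(nt) == 0 and len(lm) == 24:
        return "LM"
    raise ValueError("unexpected response lengths")

def accept(msg, negotiated_flags, allow_v1=False):
    """Policy check (hypothetical): without allow_v1 a downgraded response fails."""
    try:
        kind = classify_type3(msg, negotiated_flags)
    except ValueError:
        return False  # malformed messages are never accepted
    return kind in ("NTLM2", "NTLMv2") or allow_v1

def build_type3(lm, nt):
    # Constructed sample message: 12-byte header, two security buffers, then payloads.
    hdr = b"NTLMSSP\0" + struct.pack("<I", 3)
    bufs = (struct.pack("<HHI", len(lm), len(lm), 28)
            + struct.pack("<HHI", len(nt), len(nt), 28 + len(lm)))
    return hdr + bufs + lm + nt
```

With allow_v1 left off, a response that a MITM has pushed down to NTLM or LM is classified as such and the authentication simply fails, which is the behaviour asked about above.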