[Dovecot] Dovecot's default NTLM Version
Andrey Panin
pazke at pazke.donpac.ru
Sun Mar 2 16:43:17 EET 2008
On Sun, Mar 02, 2008 at 06:55:09AM +0200, Timo Sirainen wrote:
> On Wed, 2008-02-27 at 12:46 +0300, Andrey Panin wrote:
> > Actually there are 4 authentication submethods inside the NTLM:
> > LM - server nonce only, highly vulnerable to MITM and rogue server attacks;
> > NTLM - different algorithm, almost equally vulnerable as LM today;
> > NTLM2 - server and client nonce, but MITM can force downgrade to NTLM/LM;
> > NTLMv2 - server and client nonce, MITM can't force downgrade.
> >
> > NTLM password hash is required for NTLM, NTLM2 and NTLMv2.
> >
> >
> > NTLMv2 cannot be negotiated. It must be explicitly enabled on the client side
> > by setting the registry key below to at least 3.
>
> So this basically means that unless NTLMv2 is explicitly enabled on
> client side, NTLM auth is insecure because MITM can force a downgrade?
Yes. Without NTLMv2 a MITM can force a downgrade to plain NTLM and then try a
dictionary attack with a predefined server nonce.
> Would there be a point in adding a setting to make Dovecot allow only
> NTLM2/NTLMv2, so a MITM-downgrade would only fail the authentication?
> For example mechanisms = NTLM enables NTLM2+v2 and mechanisms = NTLM
> NTLM1 enables both?
This will be good for security, but bad for backward compatibility.
A separate parameter (something like Windows' LMCompatibilityLevel), perhaps?
> BTW. I hope you don't mind I added your mail to wiki with small
> modifications: http://wiki.dovecot.org/Authentication/Mechanisms/NTLM
It's ok :)
--
Andrey Panin | Linux and UNIX system administrator
pazke at donpac.ru | PGP key: wwwkeys.pgp.net