[ale] FW: ADS netlogon crypto challenge
Denny Chambers
dchambers at bugfixer.net
Thu Jun 3 11:54:46 EDT 2004
Too late -- it's solved. That didn't take long. Man I love open source.
-----Original Message-----
From: tridge at samba.org [mailto:tridge at samba.org]
Sent: Thursday, June 03, 2004 7:50 AM
To: samba-technical at samba.org
Subject: Re: ADS netlogon crypto challenge - solved!
The challenge has been solved!
Congratulations to Luke Howard from PADL for solving the challenge! Of
course, I feel a little stupid as the solution is just a pair of
chained DES calls, which is extremely similar to the 64 bit case that
we already handled. I did test this possibility, but had a bug in my
test code at the time. Arrgh!
If anyone is interested, I have updates the sesskey.tgz to include the
solution. I will commit the resulting new Samba4 code tomorrow and
soon afterwards I expect to be able to demonstrate our first domain
logons as a ADS domain controller. There is still a long way to go in
making Samba4 a fully function ADS DC (for example, we do no LDAP
server side stuff at all yet), but this is a big step in the right
direction.
Cheers, Tridge
Denny Chambers wrote:
> Any of you Samba/Crypto guys up to the challenge in your free time?
>
>
> -----Original Message-----
> From: tridge at samba.org [mailto:tridge at samba.org] Sent: Wednesday, June
> 02, 2004 8:00 PM
> To: samba-technical at samba.org
> Subject: ADS netlogon crypto challenge
>
> Anyone feel like a bit of a challenge? Fancy yourself as a
> crypto-geek?
>
> Have a look at http://samba.org/ftp/tridge/misc/sesskey.tgz
>
> This problem is the current stumbling block to Samba4 being an Active
> Directory domain controller. Windows clients can join a Samba4 ADS
> domain, but they can't login as we haven't worked out the algorithm
> shown in the above bit of code.
>
> To try your hand, download the above code and run on a x86 linux
> machine (sorry, it assumes little-endian, please feel free to fix that
> if you wish). Modify the algorithm until it says "Credential right!".
>
> A brief moment of fame can be yours!
>
> Cheers, Tridge
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3190 bytes
Desc: S/MIME Cryptographic Signature
More information about the Ale
mailing list