On Wed, 2008-02-27 at 12:46 +0300, Andrey Panin wrote:
> Actually there are 4 authentication submethods inside NTLM:
> LM - server nonce only, highly vulnerable to MITM and rogue server attacks;
> NTLM - different algorithm, almost as vulnerable as LM today;
> NTLM2 - server and client nonce, but MITM can force downgrade to NTLM/LM;
> NTLMv2 - server and client nonce, MITM can't force downgrade.
>
> NTLM password hash is required for NTLM, NTLM2 and NTLMv2.
>
> NTLMv2 cannot be negotiated. It must be explicitly enabled on the client side
> by setting the registry key below to at least 3.
So this basically means that unless NTLMv2 is explicitly enabled on the client side, NTLM auth is insecure because a MITM can force a downgrade?

Would there be a point in adding a setting to make Dovecot allow only NTLM2/NTLMv2, so that a MITM downgrade would only fail the authentication? For example, mechanisms = NTLM enables NTLM2+v2 and mechanisms = NTLM NTLM1 enables both?

BTW, I hope you don't mind that I added your mail to the wiki with small modifications:
http://wiki.dovecot.org/Authentication/Mechanisms/NTLM
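To make the submethod discussion above concrete, here is an added Python example (it is not code from this thread, from Dovecot, or from Andrey's writeup) that computes an NTLMv2 response on the client side, verifies it on the server side from the stored NT hash alone, classifies an AUTHENTICATE reply as LM / NTLM / NTLM2 / NTLMv2 from the shape of its two response fields, and applies the "v2 only" acceptance policy Timo proposes. The setting names (mechanisms = NTLM versus mechanisms = NTLM NTLM1) are modelled as a hypothetical allow_v1 flag, the user, domain, password and nonces are constructed for the demo, and the classification is a size heuristic that a real server would back with the negotiated flags. MD4 is implemented inline because hashlib's md4 is frequently unavailable under OpenSSL 3; DES is deliberately left out, so NTLMv1/LM replies appear only as 24-byte placeholders.

```python
"""NTLM submethods: NTLMv2 response, server-side verification, and a policy
that rejects the downgraded (LM/NTLMv1) submethods. Added example, standard
library only; all credentials and nonces below are constructed."""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4; the NT hash is MD4 over the UTF-16LE password."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (  # (boolean function, additive constant, shifts, message-word order)
        (lambda x, y, z: (x & y) | (~x & z), 0, (3, 7, 11, 19), range(16)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = h[:]
        for f, k, shifts, order in rounds:
            for i, w in enumerate(order):
                t = (-i) % 4  # register updated this step cycles a, d, c, b
                v[t] = _rotl(v[t] + f(v[t - 3], v[t - 2], v[t - 1]) + x[w] + k, shifts[i % 4])
        h = [(p + q) & MASK for p, q in zip(h, v)]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed by the NT hash over UPPER(user)+domain.
    Only the stored NT hash is needed, never the password itself."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def ntlmv2_response(nt, user, domain, server_challenge, client_nonce, target_info=b"", timestamp=0):
    """Client side: proof = HMAC-MD5(key, server challenge || blob). The blob
    carries the client nonce, so both nonces are bound into the proof."""
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_nonce + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return proof + blob


def verify_ntlmv2(stored_nt, user, domain, server_challenge, nt_response) -> bool:
    """Server side: recompute the proof from the stored hash and the blob the client sent."""
    if len(nt_response) <= 24:
        return False
    proof, blob = nt_response[:16], nt_response[16:]
    expected = hmac.new(ntowf_v2(stored_nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)


def classify(lm_response: bytes, nt_response: bytes) -> str:
    """Name the submethod from the two AUTHENTICATE response fields (a shape
    heuristic; a real server also checks the negotiated flags)."""
    if len(nt_response) > 24:
        return "NTLMv2"   # 16-byte HMAC-MD5 proof followed by the blob
    if len(nt_response) == 24 and len(lm_response) == 24 and lm_response[8:] == b"\x00" * 16:
        return "NTLM2"    # NTLM2 session security: LM field = client nonce + 16 zero bytes
    if len(nt_response) == 24:
        return "NTLM"     # NTLMv1: DES over the server challenge only
    return "LM"


def accept(submethod: str, allow_v1: bool) -> bool:
    """Hypothetical policy from the thread: allow_v1=False models
    'mechanisms = NTLM' (NTLM2 + NTLMv2 only), True models 'mechanisms = NTLM NTLM1'."""
    return submethod in ("NTLMv2", "NTLM2") or allow_v1


def demo():
    user, domain, password = "User", "Domain", "Password"  # constructed credentials
    server_challenge = bytes.fromhex("0123456789abcdef")   # constructed CHALLENGE nonce
    client_nonce = bytes.fromhex("aaaaaaaaaaaaaaaa")       # constructed client nonce
    stored = nt_hash(password)                             # what the server keeps
    nt_resp = ntlmv2_response(stored, user, domain, server_challenge, client_nonce)
    v1_lm, v1_nt = b"\x11" * 24, b"\x11" * 24               # shape of a downgraded NTLMv1 reply
    return {
        "v2_verifies": verify_ntlmv2(stored, user, domain, server_challenge, nt_resp),
        "v2_other_challenge": verify_ntlmv2(stored, user, domain, b"\x00" * 8, nt_resp),
        "v2_accepted": accept(classify(b"", nt_resp), allow_v1=False),
        "v1_rejected": not accept(classify(v1_lm, v1_nt), allow_v1=False),
        "v1_with_ntlm1": accept(classify(v1_lm, v1_nt), allow_v1=True),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point the policy function makes is the one from the reply above: the server cannot stop a MITM from rewriting the CHALLENGE flags so that a v1-capable client falls back, but it can refuse to accept the 24-byte v1 reply that results, so the downgrade costs the attacker the session instead of yielding a crackable response.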