Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp32071pxb; Wed, 18 Aug 2021 15:09:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwAH1Bv1vjagkvlQ0O1I8rC3Dxbmhcn0fd4XA3VE/etMeUBzxulMdU5aHFYn20tBAmsL79b X-Received: by 2002:a17:906:1994:: with SMTP id g20mr3958831ejd.397.1629324571914; Wed, 18 Aug 2021 15:09:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629324571; cv=none; d=google.com; s=arc-20160816; b=jDz6CR7HmZrLhGWu/7wgYxxTb4X0Jd2dK1+/thrl0eDoDKYgerX9Dbz2c4CajadwLB w1bygsUwN2Gz6Qi558KsSIKj0oJ0YRY9ZZUabT2TMjdtfwrANtn65PH7xS9z4L2hzlaJ kwj37RHSlOjQPaIsc6LYyU/LJcAXV1AZhipmGi6IH/EIrglbO2CMPyZAxZZ6sVsDMjXF TNB5FL+35vgvbkNZnHqwqX0fLAa0/AGIQEx8zI8fKJGwZEwfEblXzXbPT2Tsv+HIXFeM x78UdNwS7UfoYRNWcNe0XmqNgJ5x7zfoDrb76frdodWen8270lQS85eAH5sIGadlRpg1 037Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=Ju/dpIFvvmJW3Fub8AWFitRq1oXbAkBfTKObVumNQi8=; b=zfUn8Q3z103QtLsfZT73CXsNSZnlvvWwcaBKdRHpUKXvAyw1WHFWmZFxqujuPHGizW CsBzxbeh5Fhho2VtKsnKjxfk/AgyIVYtSXktjdMw2/iJKv9dm+UbjzpowcAQeKi14qXC Q3E092VvfrZnGWft2opcDYP2YNeeUzs/wcEvuK+Ry3MoiYGuLPv1EsNbVi7IoG2q2U6R EpCFPhDgsnVEjzo1oXpdjMGI3JfRqtA1CP6r390d8nDZPQGGxpfk9HPJl+kGn1RkuZly z8fJQVyXXKLdFs5jExFYvpXXrY6+YprHV1or3F6zoluicI4IWeuJ8oIhdqUF5+r0PVPf BmeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@samba.org header.s=42 header.b=G7rncJVI; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=samba.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i15si1083023edc.539.2021.08.18.15.09.03; Wed, 18 Aug 2021 15:09:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@samba.org header.s=42 header.b=G7rncJVI; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=samba.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234487AbhHRWJK (ORCPT + 99 others); Wed, 18 Aug 2021 18:09:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234485AbhHRWJJ (ORCPT ); Wed, 18 Aug 2021 18:09:09 -0400 Received: from hr2.samba.org (hr2.samba.org [IPv6:2a01:4f8:192:486::2:0]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0298C061764; Wed, 18 Aug 2021 15:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=samba.org; s=42; h=Message-ID:Cc:To:From:Date; bh=Ju/dpIFvvmJW3Fub8AWFitRq1oXbAkBfTKObVumNQi8=; b=G7rncJVIF5nbFsZfhGeDFC/CU0 bRDH6v3YqRj34n3iYxdqIkJQW1xOhqPFfHBHm5RTVgWPIIbYV8dk9UgY08gWaqIDMo4esX7ZdUYK4 1WRbkNzB4h7tkgcEMlEtEBgSy3JTL2zthqNx2uu+XJ8BvKiprY/fCsaNfPOAFwmFOiHiQ7U0b/BWC H9WIAzWl/Wpi9ChcsX0wFeqBBIUcakViTNNlVLt0ImXo8pEYFJXUKjNBYUSex7jIPyrnCDwpyg5Hb +q8pLSgtgU+EFb6iMVpre9oSYcCVKN7eig77/m1kJQarZs25IsKHCx52ap1St+rq8TNjAPrjjRYxS c1ywXgyVf9By1fBd/2tktGPR+dGH56kIB+2La1LSnKw7+E43BTZVJvEJqX8fU8oBCvG+SUv6Nr5NT hj2ad5Nr0ZxymPmaf09lN/6wTH4jIJ3L1l+feGMMQm7Sh9O9V9Y0nLyvnhIlPfaBVWi11xx2HqjYv 6RcE8Mxv1fSXt/UgUHJTvRAi; Received: from [127.0.0.2] (localhost [127.0.0.1]) by hr2.samba.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__ECDSA_SECP256R1_SHA256__CHACHA20_POLY1305:256) (Exim) id 1mGTjZ-001yez-6y; Wed, 18 Aug 2021 22:08:29 +0000 Date: Wed, 18 Aug 2021 15:08:24 -0700 From: Jeremy Allison To: Steve French Cc: Denis Kenzior , linux-cifs , David Howells , Herbert Xu , samba-technical , Eric Biggers , Steve French , keyrings@vger.kernel.org, Linux Crypto Mailing List , Ard Biesheuvel Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash Message-ID: Reply-To: Jeremy Allison References: <20210818144617.110061-1-ardb@kernel.org> <946591db-36aa-23db-a5c4-808546eab762@gmail.com> <24606605-71ae-f918-b71a-480be7d68e43@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Aug 18, 2021 at 11:47:53AM -0500, Steve French via samba-technical wrote: >I don't object to moving ARC4 and/or MD4 into cifs.ko, but we do have >to be careful that we don't make the defaults "less secure" as an >unintentional side effect. > >The use of ARC4 and MD4 is the NTLMSSP authentication workflow is >relatively small (narrow use case), and NTLMSSP is the default for >many servers and clients - and some of the exploits do not apply in >the case of SMB2.1 and later (which is usually required on mount in >any case). > >There is little argument that kerberos ("sec=krb5") is more secure and >does not rely on these algorithms ... but there are millions of >devices (probably over 100 million) that can support SMB3.1.1 (or at >least SMB3) mounts but couldn't realistically join a domain and use >"sec=krb5" so would be forced to use "guest" mounts (or in the case of >removing RC4 use less secure version of NTLMSSP). > >In the longer term where I would like this to go is: >- make it easier to "require Kerberos" (in module load parameters for cifs.ko) >- make sure cifs.ko builds even if these algorithms are removed from >the kernel, and that mount by default isn't broken if the user chooses >to build without support for NTLMSSP, the default auth mechanism (ie >NTLMSSP being disabled because required crypto algorithms aren't >available) >- add support in Linux for a "peer to peer" auth mechanism (even if it >requires an upcall), perhaps one that is certificate based and one >that is not (and thus much easier to use) that we can plumb into >SPNEGO (RFC2478). By comparison, it sounds like it is much easier >in Windows to add in additional authentication mechanisms (beyond >Kerberos, PKU2U and NTLMSSP) - see >https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj852232(v=ws.11) >so perhaps we just need to do something similar for the kernel client >and samba and ksmbd where they call out to a library which is >configured to provide the SPNEGO blobs for the new stronger >peer-to-peer authentication mechanism the distro chooses to enable >(for cases where using Kerberos for authentication is not practical) My 2 cents. Preventing NTLM authentication/signing from working would be a negative for the Linux kernel client. I don't mind if that code has to be isolated inside cifs.ko, but it really needs to keep working, at least until we have a pluggable client auth in cifs.ko and Samba that allows the single-server (non AD-Domain) case to keep working easily.