1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/lib/crypto/REQUIREMENTS
Volker Lendecke 42d5b06d7a vfs: Remove smb_traffic_analyzer
Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.

Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
2015-11-11 00:23:35 +01:00

116 lines
1.8 KiB
Plaintext

A list of the crypto operations that we require, and what uses them.
This list is to allow research into using external crypto libraries.
Those possibly supported in the git version of GnuTLS are indicated as '# GNUTLS'
Those possibly supported in the git version of nettle are indicated as '# NETTLE'
ARCFOUR (RC4)
- the old SamOEMHash
- Password encryption on SAMR for password set/get
- NETLOGON SamLogon session keys
- Schannel
- genrate_random_data()
# GNUTLS
# NETTLE
DES
- NTLM challenge-response
- LSA QuerySecret et al
- NETLOGON SamLogon session keys
- ServerGetTrustInfo returned passwords
- RID encryption of passwords
# NETTLE
3DES
- NETLOGON Credentials
# NETTLE
CRC32
- DRSUAPI replication replicated secrets
AES CFB8
- SCHANNEL
- NETLOGON SamLogon session keys
# NETTLE (AES-NI available)
AES128 CCM
- SMB2 2.24 SMB encryption
# GNUTLS
# NETTLE (AES-NI available)
AES128 GCM
- SMB2 3.10 SMB encryption
# GNUTLS
# NETTLE (AES-NI available)
AES128 CMAC
- SMB2 0x224 SMB Signing
MD4
- NTLM password hash
- genrate_random_number()
# NETTLE
MD5
- NTLM2
- SCHANNEL
- NTLMSSP
- NETLOGON computer credentials
- DRSUAPI blob encryption
- SAMR/wkssvc password change/set encryption
- vfs_fruit
- vfs_streams_xattr
- passdb old password history format
- dsdb password_hash module
- SMB1 SMB signing
- NTP ntp_signd
# GNUTLS
# NETTLE
HMAC-MD5
- NTLMv2
# GNUTLS
# NETTLE
HMACSHA256
- SMB2 < 2.24 SMB signing
- SMB2 Key derivation
# GNUTLS
# NETTLE
HMACSHA1
- BackupKey ServerWrap
# GNUTLS
# NETTLE
SHA256
- Security Descriptor hash for vfs_acl_xattr
- oLschema2ldif
# GNUTLS
# NETTLE
SHA512
- SMB2 Pre-auth integrity verification
- BackupKey ClientWrap
# GNUTLS
# NETTLE
RSA
- BackupKey ClientWrap
# GNUTLS
# NETTLE