You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is going to fun, on 1 hand using md4 should be respected by OS settings but on the other hand md4 is absolutely required for NTLM which while evil is a very common use case of this library. Using a custom implementation is probably the best way forward.
As reported here jborean93/smbprotocol#173 (comment) it looks like Ubuntu 22.04 will have openssl without MD4
I guess there are out there other Linux distributions that might already ship without md4, is just that nobody uses them with NTLMv1
I see that md4 is used in pyspnego here
pyspnego/src/spnego/_ntlm_raw/crypto.py
Line 133 in 03eb0c9
With a simply "proxy" implementation here
pyspnego/src/spnego/_ntlm_raw/crypto.py
Line 342 in 03eb0c9
I guess that the only option for legacy, is to vendor/copy/reimplement md4 in pysnego
Like this https://github.com/rpicard/py-md4 ... no licence for the code :(
Or document that ntlmv1 is not supported with old NTLMv1
The text was updated successfully, but these errors were encountered: