[cifs-protocol] Session keys are not always 16 bytes long

Hongwei Sun hongweis at microsoft.com
Fri Feb 27 17:22:36 GMT 2009


Andrew,

   We finished updating the MS-SMB document as you suggested.   

   (1) The following text is updated to describe how session keys are generally used for signing in Windows clients and servers in sections 3.1.4.1 and 3.1.5.1.

    "The MD5 algorithm, as specified in [RFC1321], MUST be used to generate a hash of the SMB message (from the start of the SMB header) through the entire session key with the actual session key length".

   (2) The following Windows Behavior note is updated to describe the special behavior of Windows clients, especially when the session key length is less than 16.  

    "<177> Section 3.1.4.1: Windows SMB clients use the entire session key for signing if the session key length is equal to or greater than 16, and pad the session key with zero up to 16 bytes if the session key length is less than 16."   

   Please let us know if you have any further questions.   We really appreciate your suggestion.

Thanks!

Hongwei   


-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, February 10, 2009 3:45 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher; cifs-protocol at samba.org; pfif at tridgell.net
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long

On Tue, 2009-02-10 at 07:13 -0800, Hongwei Sun wrote:
> Andrew,
> 
>    I am sending you the new windows behavior notes that have been added to MS-SMB with respect to the length of session key used for SMB signing.
> 
> <173> Section 3.1.5.1: Windows SMB clients use entire session key for signing if the session key length is equal to or more than 16, and pad session key with zero up to 16 bytes if session key length is less than 16; Windows SMB servers always use the actual length of the session key for signing.
> 
>    Please let me know if you have any more questions. 

Why is this a Windows behaviour note?

It isn't like this is some optional or additional behaviour, or a non-optimal outcome.  Please ensure this is specified in the main protocol. 

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
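
The key-length handling discussed in this thread, as an added example that is not part of the original messages or of MS-SMB: it shows that zero-padding a short session key changes the MD5 input, so a signer that pads and a verifier that uses the actual key length only agree when the key is at least 16 bytes. The sample message and keys are constructed, the function names are hypothetical, and the sketch is simplified: it hashes key then message with the sequence number stored in the header's signature field, and omits the challenge response that the full signing algorithm also concatenates.

```python
import hashlib
import hmac
import struct

SIG_OFFSET, SIG_LEN = 14, 8  # SecuritySignature field of the 32-byte SMB1 header

def effective_key(session_key: bytes, pad_short_key: bool) -> bytes:
    """Key bytes fed to MD5. pad_short_key=True models the client behaviour
    in the note: zero-pad keys shorter than 16 bytes, use longer keys whole."""
    if pad_short_key and len(session_key) < 16:
        return session_key.ljust(16, b"\x00")
    return session_key  # actual length, no padding

def signature(message: bytes, session_key: bytes, seq: int, pad_short_key: bool) -> bytes:
    """First 8 bytes of MD5(key || message), computed with the sequence
    number temporarily stored in the signature field (assumed layout)."""
    if len(message) < SIG_OFFSET + SIG_LEN:
        raise ValueError("message too short to hold a signature field")
    buf = bytearray(message)
    buf[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = struct.pack("<Q", seq)
    key = effective_key(session_key, pad_short_key)
    return hashlib.md5(key + bytes(buf)).digest()[:SIG_LEN]

def sign(message: bytes, session_key: bytes, seq: int, pad_short_key: bool) -> bytes:
    """Return the message with the computed signature written into the header."""
    sig = signature(message, session_key, seq, pad_short_key)
    return message[:SIG_OFFSET] + sig + message[SIG_OFFSET + SIG_LEN:]

def verify(signed: bytes, session_key: bytes, seq: int, pad_short_key: bool) -> bool:
    """Recompute the signature and compare it in constant time."""
    received = signed[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    expected = signature(signed, session_key, seq, pad_short_key)
    return hmac.compare_digest(received, expected)

# Constructed sample: 32-byte header (command 0x73, other fields zeroed) plus a dummy body.
SAMPLE = b"\xffSMB" + b"\x73" + bytes(27) + b"constructed body"

def interop(session_key: bytes) -> bool:
    """True if a padding signer and a non-padding verifier agree on SAMPLE."""
    return verify(sign(SAMPLE, session_key, 2, True), session_key, 2, False)

if __name__ == "__main__":
    for n in (8, 16, 24):  # constructed key lengths: short, exact, long
        print(n, "byte key, signatures agree:", interop(bytes(range(1, n + 1))))
```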

