[cifs-protocol] Wrong Key length in MS-BKRP Processing a Valid ServerWrap Wrapped Secret

Andrew Bartlett abartlet at samba.org
Thu Feb 12 16:54:43 MST 2015


The MS-BKRP protocol docs at "
Processing a Valid ServerWrap Wrapped Secret" (point 1) and "
BACKUPKEY_BACKUP_GUID" (point 3) clearly state that the first 64 bytes
of the secret are used for the key.  This is not the case - testing by
extracting the key from the Windows DC over LSA QuerySecret show that
the entire key (256 bytes), not the first 64 bytes, is used.

Please correct the docs. 


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list