[cifs-protocol] Wrong Key length in MS-BKRP 3.1.4.1.2.1 Processing a Valid ServerWrap Wrapped Secret
Andrew Bartlett
abartlet at samba.org
Thu Feb 12 16:54:43 MST 2015
G'Day,
The MS-BKRP protocol docs at "3.1.4.1.2.1
Processing a Valid ServerWrap Wrapped Secret" (point 1) and "3.1.4.1.1
BACKUPKEY_BACKUP_GUID" (point 3) clearly state that the first 64 bytes
of the secret are used for the key. This is not the case - testing by
extracting the key from the Windows DC over LSA QuerySecret show that
the entire key (256 bytes), not the first 64 bytes, is used.
Please correct the docs.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list