[cifs-protocol] 117052515795450 Documentation of pre-computation hash in WDigest property is wrong

Gary Lockyer gary at catalyst.net.nz
Wed May 31 08:09:09 UTC 2017


I tested against Windows Server 2012 R2 and found the following
differences between the calculated values and the documentation.

Hash02
Documented: MD5(UPPER(sAMAccountName), UPPER(NETBIOSDomainName), password)
Observed:   MD5(LOWER(sAMAccountName), LOWER(NETBIOSDomainName), password)

Hash03
Documented: MD5(LOWER(sAMAccountName), LOWER(NETBIOSDomainName), password)
Observed:   MD5(UPPER(sAMAccountName), UPPER(NETBIOSDomainName), password)

Hash09
Documented: MD5(UPPER(sAMAccountName), UPPER(DNSDomainName), password)
Observed:   MD5(LOWER(sAMAccountName), LOWER(DNSDomainName), password)

Hash10
Documented: MD5(LOWER(sAMAccountName), LOWER(DNSDomainName), password)
Observed:   MD5(UPPER(sAMAccountName), UPPER(DNSDomainName), password)

Hash16
Documented: MD5(UPPER(userPrincipalName), password)
Observed:   MD5(LOWER(userPrincipalName), password)

Hash17
Documented: MD5(LOWER(userPrincipalName), password)
Observed:   MD5(UPPER(userPrincipalName), password)

Hash19
Documented: MD5(UPPER(NETBIOSDomainName\sAMAccountName), password)
Observed:   MD5(LOWER(NETBIOSDomainName\sAMAccountName), password)

Hash20
Documented: MD5(LOWER(NETBIOSDomainName\sAMAccountName), password)
Observed:   MD5(UPPER(NETBIOSDomainName\sAMAccountName), password)

Hash22
Documented: MD5(UPPER(sAMAccountName), "DIGEST", password)
Observed:   MD5(LOWER(sAMAccountName), "Digest", password)

Hash23
Documented: MD5(LOWER(sAMAccountName), "digest", password)
Observed:   MD5(UPPER(sAMAccountName), "Digest", password)

Hash25
Documented: MD5(UPPER(userPrincipalName), "DIGEST", password)
Observed:   MD5(LOWER(userPrincipalName), "Digest", password)

Hash26
Documented: MD5(LOWER(userPrincipalName), "digest", password)
Observed:   MD5(UPPER(userPrincipalName), "Digest", password)

Hash28
Documented: MD5(UPPER(NETBIOSDomainName\sAMAccountName), "DIGEST", password)
Observed:   MD5(LOWER(NETBIOSDomainName\sAMAccountName), "Digest", password)

Hash29
Documented: MD5(LOWER(NETBIOSDomainName\sAMAccountName), "digest", password)
Observed:   MD5(UPPER(NETBIOSDomainName\sAMAccountName), "Digest", password)


On 31/05/17 09:22, Andrew Bartlett wrote:
> On Tue, 2017-05-30 at 18:18 +0000, Sreekanth Nadendla wrote:
>> Hello Andrew,  MS-SAMR section 3.1.1.8.11.3.1 WDIGEST_CREDENTIALS
>> Construction (https://msdn.microsoft.com/en-us/library/cc245680.aspx)
>> shows how the 29 different hash values are calculated.
>>  
>> Section 2.2.10.3 Primary:WDigest - WDIGEST_CREDENTIALS shows the
>> order in which those hash values ought to be stored in
>> WDIGEST_CREDENTIALS structure. It shows hashes 1 through 29.
>>  
>> Are you saying that from your findings, you see hash 29 stored first
>> and hash 1 stored last in the WDIGEST_CREDENTIALS structure?
> 
> No, it is more muddled than that.  Gary (CC'ed) has the details.
> 
>>  
>> ISSUE:
>>  
>> WDigest package of supplementalCredentials attribute. Documentation
>> of pre-computation hash in WDigest property is wrong. Construction is
>> inverted. Needs to fix the document [MS-SAMR]
>>  
>> 3.1.1.8.11.3 Primary:WDigest Property
>> https://msdn.microsoft.com/en-us/library/cc245679.aspx
>>  
>> 3.1.1.8.11.3.1 WDIGEST_CREDENTIALS Construction
>> https://msdn.microsoft.com/en-us/library/cc245680.aspx
>>  
>>  
>>  
>> Regards,
>> Sreekanth Nadendla
>> Microsoft Windows Open Specifications
>>  
>>  
>>  
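
The documented and observed constructions for the 14 hashes listed in the message can be computed side by side to check which one a stored value follows. This is an added example, not code from the message, from [MS-SAMR] or from Samba; the helper names and the sample account are hypothetical. It assumes the components are joined as user:realm:password in the manner of RFC 2617 A1, UTF-8 encoded, with an empty realm for the two-argument forms; the message states none of these.

```python
import hashlib

# (hash number, identity, realm, documented case) from the message; observed case is the opposite.
AFFECTED = [
    (2, "sam", "netbios", "upper"), (3, "sam", "netbios", "lower"),
    (9, "sam", "dns", "upper"), (10, "sam", "dns", "lower"),
    (16, "upn", None, "upper"), (17, "upn", None, "lower"),
    (19, "nb_sam", None, "upper"), (20, "nb_sam", None, "lower"),
    (22, "sam", "literal", "upper"), (23, "sam", "literal", "lower"),
    (25, "upn", "literal", "upper"), (26, "upn", "literal", "lower"),
    (28, "nb_sam", "literal", "upper"), (29, "nb_sam", "literal", "lower"),
]

def md5_a1(user, realm, password):
    # Assumption: user:realm:password joined as in RFC 2617 A1, UTF-8 encoded.
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()

def realm_value(realm, acct, fold, observed):
    if realm is None:
        return ""  # assumption: two-argument forms use an empty realm
    if realm == "literal":
        return "Digest" if observed else fold("digest")
    return fold(acct[realm])

def wdigest_variants(acct, password):
    """Return {n: {"documented": hex, "observed": hex}} for the affected hashes."""
    ident = {"sam": acct["sam"], "upn": acct["upn"],
             "nb_sam": acct["netbios"] + "\\" + acct["sam"]}
    out = {}
    for n, who, realm, doc_case in AFFECTED:
        doc_fold, obs_fold = ((str.upper, str.lower) if doc_case == "upper"
                              else (str.lower, str.upper))
        out[n] = {
            "documented": md5_a1(doc_fold(ident[who]),
                                 realm_value(realm, acct, doc_fold, False), password),
            "observed": md5_a1(obs_fold(ident[who]),
                               realm_value(realm, acct, obs_fold, True), password),
        }
    return out

def classify(n, stored_hex, acct, password):
    """Report which construction a stored hash number n matches."""
    for label, value in wdigest_variants(acct, password)[n].items():
        if value == stored_hex.lower():
            return label
    return "neither"

# Constructed sample account, not taken from the page.
SAMPLE = {"sam": "TestUser", "upn": "TestUser@example.test",
          "netbios": "EXAMPLE", "dns": "example.test"}
```

For hashes 2/3, 9/10, 16/17 and 19/20 the observed value of one equals the documented value of its neighbour, so a swapped pair is the visible symptom; for 22 through 29 the "Digest" realm makes the observed value differ from both documented forms.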




