[cifs-protocol] [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759

Andrew Bartlett abartlet at samba.org
Thu Nov 10 23:17:09 UTC 2022 

Thanks. 
So, what I understand is this:
 - A KDC will always select the strongest key to encrypt the ticket
based on the keys held at the server, permitted by msDS-
SupportedEncryptionTypes and understood by this KDC (ticket key) - The
client has no ability to influence this key, so as long as the password
is regularly rotated and the msDS-SupportedEncryptionType is up to
date, then AES256-CTS-HMAC-SHA1-96 encrypted tickets are always
issued. - The server however may not have rotated it's password, nor
updated msDS-SupportedEncryptionTypes  since it was in a FL 2003
domain - Even if it does rotate it's password, it may not be storing an
AES key in a keytab, so AES256-CTS-HMAC-SHA1-96 can't be arbitarily set
in msDS-SupportedEncryptionTypes as that would change the ticket key
 - Most Kerberos software these days, no matter which keys were shared,
supports AES256-CTS-HMAC-SHA1-96 session keys - Clients can influence
the session key type, as they must understand it for interopability.
 They could select a weak or problematic encryption type (eg 3DES in
Samba recently) - Servers could previously influence the session key
type by the msDS-SupportedEncryptionType but we don't want to use that
as above - Therefore this value indicates that regardless, AES256-CTS-
HMAC-SHA1-96 is the mandatory session key type, arcfour-hmac-md5 (or
3DES, in our case) session keys should never be used.
Is this correct?
Is there anything I've missed?
Thanks,
Andrew Bartlett
On Thu, 2022-11-10 at 22:58 +0000, Jeff McCashland (He/him) wrote:
> Hi Andrew,
>  
> AES256-CTS-HMAC-SHA1-96-SK is a temporary value we have added as part
> of the security update to indicate that if an insecure encryption
> algorithm is used, you must always use a secure algorithm for session
> keys
>  instead.
>  
> I will file a request to update [MS-KILE] with a description of the
> encryption type.
> 
>  
> 
> 
> 
> 
> Best regards,
> 
> Jeff McCashland (He/him)
> | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team
> 
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> Local country phone number found here:
> http://support.microsoft.com/globalenglish
>  | Extension 1138300
> 
> 
> 
> 
>  
> 
> 
> From: Jeff McCashland (He/him) 
> 
> Sent: Thursday, November 10, 2022 8:53 AM
> 
> To: Andrew Bartlett <abartlet at samba.org>
> 
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
> 
> Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK -
> TrackingID#2211100040001759
> 
> 
>  
> [Michael to BCC]
>  
> Hi Andrew,
>  
> I will research the algorithm and let you know what I learn.
> 
>  
> 
> 
> 
> 
> Best regards,
> 
> Jeff McCashland (He/him)
> | Senior Escalation Engineer | Microsoft
> Protocol Open Specifications Team
> 
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-
> 08:00) Pacific Time (US and Canada)
> Local country phone number found here:
> http://support.microsoft.com/globalenglish
>  | Extension 1138300
> 
> 
> 
> 
>  
> 
> 
> From: Michael Bowen <Mike.Bowen at microsoft.com>
> 
> 
> Sent: Wednesday, November 9, 2022 9:38 PM
> 
> To: Andrew Bartlett <abartlet at samba.org>
> 
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>;
> Microsoft Support <supportmail at microsoft.com>
> 
> Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK -
> TrackingID#2211100040001759
> 
> 
>  
> [DocHelp to bcc, Support mail to cc]
>  
> Hi Andrew,
>  
> Thanks for your inquiry. I've created case number 2211100040001759 to
> track this issue. In your correspondence, please leave the case
> number in the subject line and use reply all. One of our engineers
> will contact you soon
>  
> Best regards,
> 
> Mike Bowen
> 
> Escalation Engineer - Microsoft Open Specifications
> 
>  
> 
> 
> From: Andrew Bartlett <abartlet at samba.org>
> 
> 
> Sent: Wednesday, November 9, 2022 3:03 PM
> 
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> 
> Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
> 
> Subject: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK
> 
> 
>  
> 
> Kia Ora Dochelp!
> 
> 
>  
> 
> 
> In the errata to MS-KILE I see references to AES256-CTS-HMAC-SHA1-96-
> SK however I can't find any public references to this constant, nor
> further documentation on what it is used for.
> 
> 
>  
> 
> 
> https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed
> 
> 
>  
> 
> 
> Can you explain what this encryption type is and where to learn more
> about it?
> 
> 
>  
> 
> 
> Thanks,
> 
> 
>  
> 
> 
> Andrew Bartlett
> 
> 
> -- 
> 
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> 
> 
> Samba Team Member (since 2001) 
> https://samba.org
> 
> 
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> 
> 
> 
>  
> 
> 
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
> 
> 
> 
>  
> 
> 
>  
> 
> 
>  
> 
> 
>  
> 
> 
> 
> 
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20221111/ff776086/attachment.htm>

More information about the cifs-protocol mailing list