[cifs-protocol] [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759

Jeff McCashland (He/him) jeffm at microsoft.com
Wed Nov 16 22:40:16 UTC 2022


Hi Andrew,

Based on your understanding, does this appear accurate?

"AES256-CTS-HMAC-SHA1-96-SK: Enforce AES session keys when legacy ciphers are in use. When the bit is set, this indicates to the KDC that all cases where RC4 session keys can be used will be superseded with AES keys."

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

From: Andrew Bartlett <abartlet at samba.org>
Sent: Wednesday, November 16, 2022 12:07 PM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759

Yes.  We also just confirmed (in different words) the below which we determined experimentally.  From Joseph:
I think I now have the Windows enctype behaviour worked out, and Samba matching it.
The ticket is encrypted with the strongest enctype for which the server explicitly declares support, falling back to RC4 if the server has no declared supported encryption types. The enctype of the session key is the first enctype listed in the request that the server supports, taking the AES-SK bit as an indication of support for both AES types.
If none of the enctypes in the request are supported by the target server, implicitly or explicitly, return ETYPE_NOSUPP.

Therefore:
 that if an insecure encryption algorithm is used, you must always use a secure algorithm for session keys instead

Appears to be incorrect (sadly, as this would aid in establishing policy).

Andrew Bartlett

On Wed, 2022-11-16 at 17:43 +0000, Jeff McCashland (He/him) wrote:
Hi Andrew,

I understand Steve Syfuhs had a call with Samba engineers yesterday, were you in that call? Did you get your questions answered?

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

From: Andrew Bartlett <abartlet at samba.org>
Sent: Thursday, November 10, 2022 3:17 PM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: Re: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759

Thanks.

So, what I understand is this:

 - A KDC will always select the strongest key to encrypt the ticket based on the keys held at the server, permitted by msDS-SupportedEncryptionTypes and understood by this KDC (ticket key)
 - The client has no ability to influence this key, so as long as the password is regularly rotated and the msDS-SupportedEncryptionTypes is up to date, then AES256-CTS-HMAC-SHA1-96 encrypted tickets are always issued.
 - The server however may not have rotated its password, nor updated msDS-SupportedEncryptionTypes since it was in a FL 2003 domain
 - Even if it does rotate its password, it may not be storing an AES key in a keytab, so AES256-CTS-HMAC-SHA1-96 can't be arbitrarily set in msDS-SupportedEncryptionTypes as that would change the ticket key

 - Most Kerberos software these days, no matter which keys were shared, supports AES256-CTS-HMAC-SHA1-96 session keys
 - Clients can influence the session key type, as they must understand it for interoperability.  They could select a weak or problematic encryption type (e.g. 3DES in Samba recently)
 - Servers could previously influence the session key type by the msDS-SupportedEncryptionTypes but we don't want to use that as above
 - Therefore this value indicates that regardless, AES256-CTS-HMAC-SHA1-96 is the mandatory session key type, arcfour-hmac-md5 (or 3DES, in our case) session keys should never be used.

Is this correct?

Is there anything I've missed?

Thanks,

Andrew Bartlett

On Thu, 2022-11-10 at 22:58 +0000, Jeff McCashland (He/him) wrote:
Hi Andrew,

AES256-CTS-HMAC-SHA1-96-SK is a temporary value we have added as part of the security update to indicate that if an insecure encryption algorithm is used, you must always use a secure algorithm for session keys instead.

I will file a request to update [MS-KILE] with a description of the encryption type.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

From: Jeff McCashland (He/him)
Sent: Thursday, November 10, 2022 8:53 AM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759

[Michael to BCC]

Hi Andrew,

I will research the algorithm and let you know what I learn.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team

From: Michael Bowen <Mike.Bowen at microsoft.com>
Sent: Wednesday, November 9, 2022 9:38 PM
To: Andrew Bartlett <abartlet at samba.org>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK - TrackingID#2211100040001759


[DocHelp to bcc, Support mail to cc]

Hi Andrew,

Thanks for your inquiry. I've created case number 2211100040001759 to track this issue. In your correspondence, please leave the case number in the subject line and use reply all. One of our engineers will contact you soon.

Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications

From: Andrew Bartlett <abartlet at samba.org>
Sent: Wednesday, November 9, 2022 3:03 PM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol mailing list <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] What is AES256-CTS-HMAC-SHA1-96-SK

Kia Ora Dochelp!

In the errata to MS-KILE I see references to AES256-CTS-HMAC-SHA1-96-SK however I can't find any public references to this constant, nor further documentation on what it is used for.

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/c982f6c4-2f70-4dc7-b252-09092e9f1eed

Can you explain what this encryption type is and where to learn more about it?

Thanks,

Andrew Bartlett

--


Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source Solutions
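
The enctype selection rules Joseph describes in the 16 November reply earlier in this thread, modelled as an added Python example (not code from Samba, Windows or anyone in the thread). The flag values are the msDS-SupportedEncryptionTypes bits from [MS-KILE] with the -SK bit taken as 0x20, the etype numbers are the standard Kerberos assignments, and treating a lone -SK bit as "nothing declared" for the ticket key is an assumption.

```python
"""Model of the enctype selection rules described in the thread (added example)."""
# msDS-SupportedEncryptionTypes bits per [MS-KILE]; DES bits are ignored here.
BIT_RC4, BIT_AES128, BIT_AES256, BIT_AES256_SK = 0x04, 0x08, 0x10, 0x20
# Kerberos etype numbers and error code (RFC 4120 / IANA registry).
RC4, AES128, AES256 = 23, 17, 18
KDC_ERR_ETYPE_NOSUPP = 14
STRONGEST_FIRST = [(BIT_AES256, AES256), (BIT_AES128, AES128), (BIT_RC4, RC4)]


class EtypeNoSupp(Exception):
    """Stands in for a KDC_ERR_ETYPE_NOSUPP error reply."""


def declared_etypes(supported_bits):
    """Enctypes the server explicitly declares, strongest first."""
    return [etype for bit, etype in STRONGEST_FIRST if supported_bits & bit]


def select_etypes(supported_bits, requested):
    """Return (ticket_etype, session_key_etype) for a service ticket request.

    supported_bits: the server's msDS-SupportedEncryptionTypes (0 if unset).
    requested: the client's etype list, in the order given in the request.
    """
    declared = declared_etypes(supported_bits)
    # Ticket key: strongest declared enctype, RC4 when nothing is declared.
    # Assumption: the -SK bit on its own is not a declaration for this step.
    ticket = declared[0] if declared else RC4

    # Session key: declared types (implicit RC4 when nothing is declared),
    # plus both AES types when the -SK bit is set.
    usable = set(declared) if declared else {RC4}
    if supported_bits & BIT_AES256_SK:
        usable |= {AES128, AES256}
    for etype in requested:  # the first usable entry in client order wins
        if etype in usable:
            return ticket, etype
    raise EtypeNoSupp(KDC_ERR_ETYPE_NOSUPP)


if __name__ == "__main__":
    # Constructed sample: server declares RC4 plus the -SK bit (0x24).
    for request in ([AES256, AES128, RC4], [RC4, AES256]):
        print(request, "->", select_etypes(BIT_RC4 | BIT_AES256_SK, request))
```

With RC4 and the -SK bit set (0x24), a client that lists RC4 first still receives an RC4 session key, which is the case behind Andrew's remark that the "must always use a secure algorithm" reading appears to be incorrect.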




