NTLM2 signing patch

Jeremy Allison jra at samba.org
Sat Sep 11 02:06:02 GMT 2004


On Fri, Sep 10, 2004 at 10:38:43PM +1000, tridge at samba.org wrote:
> Andrew,
> 
> Here is a really nasty patch that gets NTLM2 signing working against
> the ECHO pipe on w2k3. Obviously the patch is very crude, I'm hoping
> you can rework the gensec interface a bit to do this properly.
> 
> As you will soon see, my patch breaks non-NTLM2 sign/seal, and breaks
> seal on NTLM2. The really interesting part of the patch is the way
> that signing happens over the whole PDU, minus the signature area
> itself, and the fact that the sequence number is only incremented on
> one side of the exchange.
> 
> Thanks to Luke Howard for suggesting that NTLM2 signing might use
> ADEA!

Do you mean IDEA? If so I'm sure I know why they chose that.
IDEA is patented in the USA, and the patent holders have been
fairly aggressive about enforcing their patent.

Here is part of the IDEA entry from Wikipedia:

IDEA was designed under a research contract with the Hasler Foundation, which became part of Ascom-Tech AG. IDEA is patented (US patent 5,214,703) but is free for non-commercial use. The patents will expire in 2010–2011.

Jeremy.

