[PATCH] Joining a Windows Server 2008 (Longhorn)

Andrew Bartlett abartlet at samba.org
Wed Jan 30 01:02:47 GMT 2008

On Wed, 2008-01-30 at 11:55 +1100, Luke Howard wrote:
> > The AES session key is longer - 32 bytes I think.  This also comes up in
> > the smb signing case.  Samba4 has this working (which is where I came
> > across this first, when we moved to a Heimdal KDC that supported AES
> > created the longer session keys)
> >   
> Depends on whether it's AES-128, -192 or -256. Do MS truncate longer 
> keys for the SMB session key or do they digest it?

Neither, the full length is used (be it as short as 8 from DES or as
long as 32 from AES) as far as I can tell, even for the weird LSA
des-based crypto, and easily for the SAMR crypto and signing.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080130/27131f37/attachment.bin

More information about the samba-technical mailing list