Max SMB signing key length
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Mar 18 13:53:46 MDT 2010
Matthieu Patou wrote:
> Metze isn't it in [MS-NLMP] ?
...which is referenced (carefully) by [MS-CIFS].
[MS-NLMP] covers the full subsystem, but non-extended security only uses
some of the algorithms, not the entire subsystem defined by [MS-NLMP].
So, Matthiew is correct that you want [MS-NLMP] but also the parts of
[MS-CIFS] that reference [MS-NLMP].
Chris -)-----
> On 18/03/2010 22:12, Christopher R. Hertel wrote:
>> Did you check the Microsoft docs on this? If it's not specified, then it
>> should be entered as a bug against the docs. This is exactly the kind of
>> thing that Microsoft is *actually pro-actively looking* to fix.
>>
>> :)
>>
>> ...in fact, it should be in the doc I wrote, probably in section 3. The
>> latest version of [MS-CIFS] should be on the Microsoft website soon,
>> if not
>> already.
>>
>> Chris -)-----
>> ...who has written so much that there's just not enough room in his
>> brain to
>> remember it all.
>>
>> Stefan (metze) Metzmacher wrote:
>>
>>> Hi Andrew,
>>>
>>> do you know what the maximum length of the SMB signing key could be?
>>>
>>> I know with extended security (NTLMSSP 16 bytes or krb5 8-32 bytes)
>>> it's easy.
>>>
>>> But without extended security we calculate the signing key
>>> out of the user_session_key and the nt or lm response blob.
>>> I assume the user_session_key is always 16 byte, but what is the max
>>> size of the response blob?
>>>
>>> metze
>>>
>>>
>
More information about the samba-technical
mailing list