How to get the "Signing Session Key" using "User Session Key" for NTLMv2?

Narendra Kumar S.S ssnkumar at gmail.com
Sun Mar 20 09:45:01 MDT 2011


> Are you looking for the key used in smb1 smb signing?
Yes. I have the algorithm for NTLMv1 session key.
The key given by winbind is called the "User Session Key".
We have to do hmac-md5 and decrypt to get the "Signing Session Key".
This "Signing Session Key" is the key used in signing SMB PDUs.

Now, the same is not working when the client uses NTLMv2.
So, there must be a different algorithm in the case of NTLMv2.

> the key returned by the auth subsystem is
> that which winbindd gives (ie what a remote DC gives), and you can
> follow the derivations from there.
Yes, I looked there also, but couldn't get the right algorithm.
Maybe I was looking in the wrong place and hence wanted to check with the
group.

Warm Regards,
Narendra

Visit my blogs at:
http://ssnarendrakumar.blogspot.com/


On Sun, Mar 20, 2011 at 5:34 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2011-03-18 at 17:52 +0530, Narendra Kumar S.S wrote:
> > Hi,
> >
> >       I am trying to write some functionality of SMB server.
> >       From my code, I am sending an AUTH_CRAP message to the winbindd daemon.
> >       That is successful and sends back the response.
> >       In this response, I have the user session key.
> >
> >       Now, I have to use this to find the "Signing Session Key".
> >       I am doing hmac_md5 twice on this "User Session Key".
> >       But, the result that I am getting is wrong.
> >
> >       So, can somebody tell me, the correct way to calculate "Signing
> > Session Key" from "User Session Key" given out by winbindd?
>
> Are you looking for the key used in smb1 smb signing?  I think it's just
> the key winbindd gives, unless modified by NTLMSSP key exchange.  Look
> over the Samba source code, the key returned by the auth subsystem is
> that which winbindd gives (ie what a remote DC gives), and you can
> follow the derivations from there.
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Cisco Inc.
>
>
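
The NTLMSSP key-exchange step mentioned in the reply above, written out as an added example following the key derivation in the MS-NLMP specification; it is not code from this thread or from Samba. The function names and all byte values are hypothetical, and "session base key" stands for the user session key returned by winbindd.

```python
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_exchange_key(session_base_key: bytes, ntlmv2: bool,
                     server_challenge: bytes = b"",
                     lm_response: bytes = b"") -> bytes:
    """KXKEY per MS-NLMP. NTLMv2 uses the session base key unchanged.
    NTLMv1 with extended session security applies one HMAC-MD5 over
    ServerChallenge || LmChallengeResponse[0..7].
    (The NTLMv1 LM-key variants are not covered here.)"""
    if ntlmv2:
        return session_base_key
    return hmac.new(session_base_key,
                    server_challenge + lm_response[:8], "md5").digest()

def exported_session_key(kxkey: bytes, encrypted_random_session_key=None) -> bytes:
    """With NTLMSSP_NEGOTIATE_KEY_EXCH the client sends a random key
    RC4-encrypted under KXKEY; the server decrypts it. Otherwise the
    exported key is KXKEY itself."""
    if encrypted_random_session_key is None:
        return kxkey
    return rc4(kxkey, encrypted_random_session_key)

if __name__ == "__main__":
    base = bytes(range(16))                    # constructed session base key
    wire = rc4(base, b"\x55" * 16)             # constructed EncryptedRandomSessionKey
    print("NTLMv2 exported key:",
          exported_session_key(key_exchange_key(base, True), wire).hex())
```

For NTLMv2 there is no HMAC-MD5 step between the session base key and the RC4 decryption, which is the difference from the NTLMv1 extended-session-security path.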

