RE: [cifs-protocol] Session keys are not always 16 bytes long

Fri, 27 Feb 2009 09:23:17 -0800 

Andrew,

   We finished updating the MS-SMB document as you suggested.   

   (1) The following text is updated to describe how session keys are generally 
used for signing in Windows clients and servers in section 3.1.4.1 and 3.1.5.1. 

    "The MD5 algorithm, as specified in [RFC1321], MUST be used to generate a 
hash of the SMB message (from the start of the SMB header) through the entire 
session key with the actual session key length".

   (2) The following Windows Behavior note is updated to describe the special 
behavior of Windows clients, especially when the session key length is less 
than 16.  

    "<177> Section 3.1.4.1: Windows SMB clients use the entire session key for 
signing if the session key length is equal to or greater than 16, and pad the 
session key with zero up to 16 bytes if the session key length is less than 
16."   

   Please let us know if you have any further questions.   We really appreciate 
your suggestion.

Thanks!

Hongwei   


-----Original Message-----
From: Andrew Bartlett [mailto:abart...@samba.org] 
Sent: Tuesday, February 10, 2009 3:45 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher; cifs-proto...@samba.org; p...@tridgell.net
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long

On Tue, 2009-02-10 at 07:13 -0800, Hongwei Sun wrote:
> Andrew,
> 
>    I am sending you the new windows behavior notes that have been added to 
> MS-SMB with respect to the length of session key used for SMB signing.
> 
> <173> Section 3.1.5.1: Windows SMB clients use entire session key for signing 
> if the session key length is equal to or more than 16, and pad session key 
> with zero up to 16 bytes if session key length is less than 16; Windows SMB 
> servers always use the actual length of the session key for signing.
> 
>    Please let me know if you have any more questions. 

Why is this a windows behaviour note?

It isn't like this is some optional or additional behaviour, or a non-optimal 
outcome.  Please ensure this is specified in the main protocol. 

Andrew Bartlett

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to