Quoting Tim Potter <[EMAIL PROTECTED]>: > The key would probably be something like the md4 hash of a user or > administrator password, or some hash of this with the session key sent > in the negprot reply. There's also the hmac-md4 encryption type > described in the internet draft draft-brezak-win2k-krb-rc4-hmac-04.txt
The algorithm for the NTLMSSP-1 session key negotiation seems pretty well documented in Luke Leighton's DCE/RPC book in Appendix B. > I don't think ethereal does any of these at the moment. No, but I think it would be quite useful to be able to decrypt the payload of encrypted packets on-the-fly. Right now though, I'm just focusing on dissecting the protocol properly. Devin Heitmueller Senior Software Engineer Netilla Networks Inc
