On Thu, Jul 24, 2003 at 04:48:59PM -0400, Devin Heitmueller wrote: > > Perhaps Microsoft "embraced and extended" that field to specify padding > > to make the stub data a multiple of 16 bytes for NTLMSSP (I think I > > mentioned that possibility in mail on this topic a while ago), but the > > DCE RPC 1.1 spec, at least, seems to indicate that it's there to align > > the fields of an "auth_verifier_co_t" on a 4-byte boundary. > > I don't see any incentive from a design standpoint, but who knows.... > My only thought was if they wanted to work with block ciphers that > operate on 128 bits at a time. I know you mentioned this previously, > and I had forgotten.
I think this is correct. My NETLOGON secure channel decryptor wasn't decrypting packets properly until I included the padding in the data stream. It was one of those 'aha' moments. Tim.
