On Fri, 2009-02-27 at 09:22 -0800, Hongwei Sun wrote:
> Andrew,
>
>We finished updating the MS-SMB document as you suggested.
>
>(1) The following text is updated to describe how session keys are
> generally used for signing in Windows clients and servers in section 3.1.4.1
> and 3.1
p...@tridgell.net
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long
On Tue, 2009-02-10 at 07:13 -0800, Hongwei Sun wrote:
> Andrew,
>
>I am sending you the new windows behavior notes that have been added to
> MS-SMB with respect to the length of session key us
On Tue, 2009-02-10 at 07:13 -0800, Hongwei Sun wrote:
> Andrew,
>
>I am sending you the new windows behavior notes that have been added to
> MS-SMB with respect to the length of session key used for SMB signing.
>
> <173> Section 3.1.5.1: Windows SMB clients use entire session key for signin
rtlett [mailto:abart...@samba.org]
Sent: Monday, February 02, 2009 7:08 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher; cifs-proto...@samba.org; p...@tridgell.net
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long
On Tue, 2009-01-27 at 16:36 -0800, Hongwei Sun wrote:
> Andrew,
>
On Tue, 2009-01-27 at 16:36 -0800, Hongwei Sun wrote:
> Andrew,
>
> Thanks for the information provided. We successfully reproduced and
> debugged the behavior of SMB signing between Samba Smbclient and Windows
> server using AES256 session key(32 bytes). The outcome of live debugging
> pr
: Sunday, November 30, 2008 8:53 PM
To: Hongwei Sun
Cc: Stefan (metze) Metzmacher
Subject: RE: [cifs-protocol] Session keys are not always 16 bytes long
On Tue, 2008-11-25 at 15:52 -0800, Hongwei Sun wrote:
> Andrew,
>
>As per our discussion during conference call, I would like to run test
tt; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
>
> Hongwei Sun schrieb:
>> Metze,
>>
>>When you tested SMB signing with 32 byte AES session key, did you test
>> Vista with Samba server , Sam
-Original Message-
From: Stefan (metze) Metzmacher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2008 10:57 AM
To: Hongwei Sun
Cc: Andrew Bartlett; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
Hongwei Sun schrieb:
> Me
IL PROTECTED]
> Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
>
> Hongwei Sun schrieb:
>> Metze/Andrew,
>>
>> The subkey in the EncAPRepPart of the AP-REP should be used as the session
>> key when the mutual authentication is enabled(
: Hongwei Sun
Cc: Andrew Bartlett; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
Hongwei Sun schrieb:
> Metze/Andrew,
>
> The subkey in the EncAPRepPart of the AP-REP should be used as the session
> key when the mutual authe
Andrew Bartlett schrieb:
> On Fri, 2008-09-05 at 22:25 +0200, Stefan (metze) Metzmacher wrote:
>> Hongwei Sun schrieb:
>>> Metze/Andrew,
>>>
>>> The subkey in the EncAPRepPart of the AP-REP should be used as the
>>> session key when the mutual authentication is enabled(as described in RFC
>>> 4
On Fri, 2008-09-05 at 22:25 +0200, Stefan (metze) Metzmacher wrote:
> Hongwei Sun schrieb:
> > Metze/Andrew,
> >
> > The subkey in the EncAPRepPart of the AP-REP should be used as the
> > session key when the mutual authentication is enabled(as described in RFC
> > 4121).When DES and RC4 a
Hongwei Sun schrieb:
> Metze/Andrew,
>
> The subkey in the EncAPRepPart of the AP-REP should be used as the session
> key when the mutual authentication is enabled(as described in RFC 4121).
> When DES and RC4 are used in Kerberos, the implementation is based on RFC1964
> (instead of RFC41
-
From: Stefan (metze) Metzmacher [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2008 10:36 AM
To: Hongwei Sun
Cc: Andrew Bartlett; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
Hongwei Sun schrieb:
> Stefan,
>
>>&g
Hongwei,
>For your SMB signing problem shown in the network traces attached, what
> is your configuration ? Are you using Vista client connecting to Samba
> server and KDC ?You also mentioned windows servers. How are they used in
> your configuration ? I just want to make sure we
; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
Hongwei Sun schrieb:
> Stefan,
>
>>> I just found that the session key used to decrypt the password attributes
>>> in the DsGetNCChanges() is not truncated.
>
&g
--
-Original Message-
From: Stefan (metze) Metzmacher [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2008 5:19 AM
To: Andrew Bartlett
Cc: Hongwei Sun; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [cifs-protocol] Session keys are not always 16 bytes long
I just found that
I just found that the session key used to decrypt the password
attributes in the DsGetNCChanges() is not truncated.
And I need to use gsskrb5_get_subkey() instead of
gsskrb5_get_initiator_subkey(), when aes keys are used.
metze
>>In our last conference call, we talked about your question
>> re
On Thu, 2008-08-07 at 15:10 -0700, Hongwei Sun wrote:
> Hi, Andrew,
>
>
>
>In our last conference call, we talked about your question
> regarding which of the numerous keys Kerberos produce is considered
> the 'SMB session key'. I had discussions with the product team to
> find what or how
TECTED]; [EMAIL PROTECTED]
Subject: [cifs-protocol] Session keys are not always 16 bytes long
I'm looking for correction assistance regarding SMB session keys.
Our tests show that the session keys, referred consistently in MS-SMB and
MS-SAMR as 16 byte quantities are not a simple as they are ma
PROTECTED]; [EMAIL PROTECTED]
Subject: [cifs-protocol] Session keys are not always 16 bytes long
I'm looking for correction assistance regarding SMB session keys.
Our tests show that the session keys, referred consistently in MS-SMB and
MS-SAMR as 16 byte quantities are not a simple as they are
I'm looking for correction assistance regarding SMB session keys.
Our tests show that the session keys, referred consistently in MS-SMB
and MS-SAMR as 16 byte quantities are not a simple as they are made out
to be.
For example, a Windows Vista SP1 client using GSSAPI with CFX will
negotiate an A
22 matches
Mail list logo
