Hi,

>> We confirmed that AesCrypt follows the normative reference of [FIPS197]
>> (http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf). As far
>> as the statement about AES128 encryption CFB mode, we also confirmed that
>> we do use 0 as Initialization Vector (IV), so in this case all you have to do is
>> set the IV to the 128-bit quantity consisting of all zeros. The reference
>> we are using for CFB mode is [SP800-38A] (
>> http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf ) which
>> states that CFB mode requires a valid and unpredictable IV (Section 6.3).
>> Zero is a valid IV, certainly not unpredictable. However, the
>> unpredictability is required only to guard against specific types of
>> attacks, which become possible when a single key is used to encrypt a large
>> number of related plaintexts. Predictable IVs could be used in applications
>> where this is not a concern.
>
> Thanks, I'll try that.
>
> AES128 is also used in section 3.3.4.2.1 "Generating an Initial Netlogon
> Signature Token" under 8., is that the same AesCrypt function (also
> using CFB mode) with just the IV being constructed by using the sequence
> number twice?

I've tried to get that working, but it doesn't work :-(

I've set up a trust between two w2k8r2 domains and captured the
ServerReqChallenge and ServerAuthenticate3. And they're using Netlogon
Schannel with AES. (They also use NDR64, Wireshark doesn't handle this yet...)

There're 5 ServerAuthenticate3 exchanges in the capture and I put the data
into a simple standalone crypto challenge program.

So all we need is to find the algorithm to recalculate the examples,
changing the mxnrpc.c file.

metze

>> We will update the document with the correct references to the related
>> statements in the MS-NRPC document.
>
> It would be really nice if you could also add some more example values
> in section 4.2 Cryptographic Values for Session Key Validation.
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
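
The IV caveat from the quoted reply, as an added example that is not part of the original thread or of MS-NRPC: CFB as laid out in SP 800-38A section 6.3, run under one key with an all-zero IV on two related messages. Assumptions: Python's standard library has no AES, so `forward_cipher` is an HMAC-SHA256 stand-in for the AES-128 block function, and the key, the messages and the 128-bit default segment size are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes; the AES block size

def forward_cipher(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES-128 block encryption (NOT AES): a keyed PRF from the
    # standard library. CFB only calls the forward direction, so the mode
    # reacts to IV reuse in the same way.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False,
        seg: int = BLOCK) -> bytes:
    # CFB per SP 800-38A section 6.3 with seg-byte segments (seg=1 is CFB8).
    if len(iv) != BLOCK or not 1 <= seg <= BLOCK:
        raise ValueError("IV must be one block; segment must be 1..16 bytes")
    shift_reg, out = iv, bytearray()
    for i in range(0, len(data), seg):
        chunk = data[i:i + seg]
        result = xor(chunk, forward_cipher(key, shift_reg))
        out += result
        # The feedback is always the ciphertext segment.
        shift_reg = (shift_reg + (chunk if decrypt else result))[-BLOCK:]
    return bytes(out)

# Constructed sample data: two related messages sharing their first block.
KEY = bytes(range(16))
ZERO_IV = bytes(BLOCK)
MSG_A = b"user=alice;role=" + b"admin;ts=1000001"
MSG_B = b"user=alice;role=" + b"guest;ts=1000001"

def leak_report(iv_a: bytes, iv_b: bytes):
    # Returns (length of the identical ciphertext prefix, whether the XOR of
    # the second ciphertext blocks equals the XOR of the second plaintext blocks).
    c_a, c_b = cfb(KEY, iv_a, MSG_A), cfb(KEY, iv_b, MSG_B)
    prefix = 0
    for x, y in zip(c_a, c_b):
        if x != y:
            break
        prefix += 1
    leak = xor(c_a[BLOCK:], c_b[BLOCK:]) == xor(MSG_A[BLOCK:], MSG_B[BLOCK:])
    return prefix, leak

if __name__ == "__main__":
    print("zero IV for both:", leak_report(ZERO_IV, ZERO_IV))
    print("distinct IVs    :", leak_report(b"\x01" * BLOCK, b"\x02" * BLOCK))
```

With the zero IV on both messages the shared first block encrypts identically and the first differing block leaks the XOR of the two plaintexts; with a different IV per message neither relation holds.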
