Andrew,
We completed our investigation to this issue and propose the following changes
to [MS-DTYP], [MS-LSAD], [MS-SAMR] and [MS-WKST]. The text below contains
yellow highlighting to identify changed text. If the highlighting causes a
problem for you, please let me know.
Thank you for your patience.
Bryan
[MS-DTYP]
Added new section:
2.3.14 Anonymous Session Key
The Anonymous Session Key is comprised of 16 bytes of UTF-8 characters:
UCHAR AnonymousSessionKey[] = {“SystemLibraryDTC”};
[MS-LSAD]
Added:
2.1 Transport
[…]
Cryptographic operations (as specified in section 5.1) MUST utilize a session
key obtained from the SMB session on the client or server, or the Anonymous
Session Key (see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
Added:
5 Security
5.1 Security Considerations for Implementers
[…]
The session key for sections 5.1.1 and 5.1.2 is obtained from the SMB
transport, as specified in section 2.1. The session key is obtained from the
SMB transport every time a message that needs encryption is to be sent or a
message that needs decryption is to be received. Clients should avoid using
the Anonymous Session Key (see section 2.3.14 of [MS-DTYP]) to encrypt
sensitive data since this does not protect the data.
[MS-SAMR]
Added:
2.2.7.6 SAMPR_USER_ALL_INFORMATION
[…]
LmOwfPassword: An RPC_SHORT_BLOB structure where Length and MaximumLength MUST
be 16, and the Buffer MUST be formatted with an ENCRYPTED_LM_OWF_PASSWORD
structure with the cleartext value being an LM hash, and the encryption key
being the 16-byte SMB [MS-SMB] session key established by the underlying
authentication protocol (either Kerberos [MS-KILE] or NTLM [MS-NLMP]), or the
Anonymous Session Key (see section 2.3.14 of [MS-DTYP]) if using an anonymous
connection.
NtOwfPassword: An RPC_SHORT_BLOB structure where Length and MaximumLength MUST
be 16, and the Buffer MUST be formatted with an ENCRYPTED_NT_OWF_PASSWORD
structure with the cleartext value being an NT hash, and the encryption key
being the 16-byte SMB [MS-SMB] session key established by the underlying
authentication protocol (either Kerberos [MS-KILE] or NTLM [MS-NLMP]) , or the
Anonymous Session Key (see section 2.3.14 of [MS-DTYP]) if using an anonymous
connection.
Added:
2.2.7.23 SAMPR_USER_INTERNAL1_INFORMATION
[…]
EncryptedNtOwfPassword: An NT hash encrypted with the 16-byte SMB [MS-SMB]
session key for the connection established by the underlying authentication
protocol (either Kerberos [MS-KILE] or NTLM [MS-NLMP]) , or the Anonymous
Session Key (see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
EncryptedLmOwfPassword: An LM hash encrypted with the 16-byte SMB [MS-SMB]
session key for the connection established by the underlying authentication
protocol (either Kerberos [MS-KILE] or NTLM [MS-NLMP]), or the Anonymous
Session Key (see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
Added:
2.2.7.26 SAMPR_USER_INTERNAL5_INFORMATION
[…]
UserPassword: A cleartext password, encrypted according to the specification
for SAMPR_ENCRYPTED_USER_PASSWORD, with the encryption key being the 16-byte
SMB [MS-SMB] session key established by the underlying authentication protocol
(either Kerberos [MS-KILE] or NTLM [MS-NLMP]) , or the Anonymous Session Key
(see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
Added:
2.2.7.27 SAMPR_USER_INTERNAL5_INFORMATION_NEW
[…]
UserPassword: A password, encrypted according to the specification for
SAMPR_ENCRYPTED_USER_PASSWORD_NEW, with the encryption key being the 16-byte
SMB [MS-SMB] session key established by the underlying authentication protocol
(either Kerberos [MS-KILE] or NTLM [MS-NLMP]) , or the Anonymous Session Key
(see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
Added:
3.1.5.6.4.4 UserInternal4Information
[…]
3. If the USER_ALL_NTPASSWORDPRESENT or USER_ALL_LMPASSWORDPRESENT
flag is present in the WhichFields field, the server MUST update the
clearTextPassword attribute with the (decrypted) value of
SAMPR_USER_INTERNAL4_INFORMATION.UserPassword, using the decryption key of the
16-byte SMB [MS-SMB] session key established by the underlying authentication
protocol (Kerberos or NTLM) , or the Anonymous Session Key (see section 2.3.14
of [MS-DTYP]) if using an anonymous connection.
Added:
3.2.2.2 MD5 Usage
[…]
- user-session-key is a 16-byte value obtained from the 16-byte
SMB [MS-SMB] session key established by the underlying authentication protocol
(either Kerberos [MS-KILE] or NTLM [MS-NLMP]) , or the Anonymous Session Key
(see section 2.3.14 of [MS-DTYP]) if using an anonymous connection.
Added:
5 Security
5.1 Security Considerations for Implementers
Sensitive information, such as the cleartext password for accounts, is
communicated through this protocol; therefore, implementers must pay special
attention to the secrecy of this data. Although this protocol does not use
transport-level encryption (with the exception of SamrValidatePassword), it
does rely on the key strength of the SMB transport for encrypting cleartext
data. Clients should avoid using the Anonymous Session Key (see section 2.3.14
of [MS-DTYP]) to encrypt sensitive data since this does not protect the data.
[MS-WKST]
Added:
2.2.5.18.3 Encryption and Decryption
[…]
- user-session-key is a 16-byte value obtained from the 16-byte
SMB session key established by the underlying authentication protocol (either
Kerberos [MS-KILE] or NTLM [MS-NLMP]), or the Anonymous Session Key (see
section 2.3.14 of [MS-DTYP]) if using an anonymous connection, as specified in
[MS-SMB] Per SMB Session (section 3.2.1.3).
Added:
5 Security
5.1 Security Considerations for Implementers
[…]
This protocol relies on the key strength of the SMB transport for encrypting
passwords (see section 2.2.5.18.3). Clients should avoid using the Anonymous
Session Key (see section 2.3.14 of [MS-DTYP]) to encrypt sensitive data since
this does not protect the data.
-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, January 04, 2012 2:38 PM
To: Andrew Bartlett ([email protected])
Cc: '[email protected]'; MSSolve Case Email
Subject: RE: [REG:111101553031054] [cifs-protocol] SystemLibraryDTC
[Hongwei to bcc]
Andrew,
I'm filling in for Hongwei on this issue. I am engaged with several document
groups here to sort this issue out. Presently I'm working with Neil Martin,
who you know, and the current thinking is that this might be addressed in an
update to [MS-DTYP]. I'll let you know the outcome or ping you if we need any
further information.
Going forward, I'll be your primary contact for this issue.
Bryan
-----Original Message-----
From: Bryan Burgin
Sent: Wednesday, January 04, 2012 2:18 PM
To: "Hongwei Sun" <[email protected]<mailto:[email protected]>>
Cc: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>; "MSSolve Case Email"
<[email protected]<mailto:[email protected]>>
Subject: [REG:111101553031054] [cifs-protocol] SystemLibraryDTC
On Tue, 2011-11-15 at 03:56 +0000, Hongwei Sun wrote:
> Andrew,
>
> After reviewing code, we confirmed that this fixed session key are
> used by some SAMR/LSAD RPC functions. We are working on updating all
> the related documents. When they are available , I will let you know.
Thanks!
Now would also be a good time to work out a way to remove them :-). I would be
very happy to work with your developers on a secure way we can indicate to a
server that these keys should not be used, or that they should only be
available over encrypted transports.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
