G'Day, The MS-BKRP protocol docs at "3.1.4.1.2.1 Processing a Valid ServerWrap Wrapped Secret" (point 1) and "3.1.4.1.1 BACKUPKEY_BACKUP_GUID" (point 3) clearly state that the first 64 bytes of the secret are used for the key. This is not the case - testing by extracting the key from the Windows DC over LSA QuerySecret show that the entire key (256 bytes), not the first 64 bytes, is used.
Please correct the docs. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
