On Wed, 2015-03-11 at 19:40 +0000, Edgar Olougouna wrote:
> Andrew,
> After source code investigation, your observation appears accurate. How did
> you figure it out?

:-)

That reminds me, Catalyst wants me to write up blog posts - this would be ideal.

I figured it out by downloading the secrets over LSA GetSecrets, and then decrypting it client-side with that key. When that failed, I removed the truncation, because that seemed pointless, and thankfully that worked!

> I have opened a document bug to get this addressed in the spec.
>
> Thanks,
> Edgar
>
> -----Original Message-----
> From: Edgar Olougouna
> Sent: Friday, February 13, 2015 11:14 AM
> To: Andrew Bartlett
> Cc: [email protected]; MSSolve Case Email
> Subject: RE: [REG:115021312396540] Wrong Key length in MS-BKRP 3.1.4.1.2.1
> Processing a Valid ServerWrap Wrapped Secret
>
> Andrew,
> I am taking of this as well.
>
> Thanks,
> Edgar
>
> -----Original Message-----
> From: Vilmos Foltenyi
> Sent: Thursday, February 12, 2015 7:34 PM
> To: Andrew Bartlett
> Cc: [email protected]; MSSolve Case Email
> Subject: [REG:115021312396540] Wrong Key length in MS-BKRP 3.1.4.1.2.1
> Processing a Valid ServerWrap Wrapped Secret
>
> [dochelp to Bcc, SR # to Subject]
>
> Hi Andrew,
>
> Thank you for your question. I created case SR 115021312396540 to track this
> issue with the Protocol Documentation support team. Edgar from our team will
> begin working with you.
>
> Regards,
> Vilmos Foltenyi - MSFT
>
> -----Original Message-----
> From: Andrew Bartlett [mailto:[email protected]]
> Sent: Thursday, February 12, 2015 15:55
> To: Interoperability Documentation Help
> Cc: [email protected]
> Subject: Wrong Key length in MS-BKRP 3.1.4.1.2.1 Processing a Valid
> ServerWrap Wrapped Secret
>
> G'Day,
>
> The MS-BKRP protocol docs at "3.1.4.1.2.1 Processing a Valid ServerWrap
> Wrapped Secret" (point 1) and "3.1.4.1.1 BACKUPKEY_BACKUP_GUID" (point 3)
> clearly state that the first 64 bytes of the secret are used for the key.
> This is not the case - testing by extracting the key from the Windows DC over
> LSA QuerySecret show that the entire key (256 bytes), not the first 64 bytes,
> is used.
>
> Please correct the docs.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
