[cifs-protocol] [MS-SAMR] 3.2.2.5 Deriving an Encryption Key from a Plaintext Password

Thu, 14 Jul 2022 01:03:47 -0700 

Dear Dochelp Team,

I need your help again :-)

I'm trying to implement SamrUnicodeChangePasswordUser4. However when I try to 
run my implementation against Windows. I always get STATUS_WRONG_PASSWORD 
returned.

For the SamrUnicodeChangePasswordUser4 method (section 3.1.5.10.4), the shared 
secret is the plaintext old password and the CEK is generated as specified in 
section 3.2.2.5.

3.2.2.5 Deriving an Encryption Key from a Plaintext Password

The client MUST derive the CEK in the following manner:
CEK :: = (PBKDF2(NT HASH of “OldPassword”, Salt, IterationCount, 512))



Looking at the RFC 8018 section 5.2:

PBKDF2 (P, S, c, dkLen)

   Options:        PRF        underlying pseudorandom function (hLen
                              denotes the length in octets of the
                              pseudorandom function output)

   Input:          P          password, an octet string
                   S          salt, an octet string
                   c          iteration count, a positive integer
                   dkLen      intended length in octets of the derived
                              key, a positive integer, at most
                              (2^32 - 1) * hLen

   Output:         DK         derived key, a dkLen-octet string


The MS-SAMR document doesn't say a word about the dkLen. Which would be how 
many bytes the pbkdf2 function should return for the CEK.

I've used 16 bytes (same as the session key) as dkLen. However I get 
STATUS_WRONG_PASSWORD


./bin/rpcclient ncacn_np:earth.milkyway.site -U'bob%Pa$$w0rd@3' -c 'chgpasswd4 
bob Pa$$w0rd@3 Pa$$w0rd@6'
[...]
rpc_api_pipe: host earth.milkyway.site returned 4 bytes.
     samr_ChangePasswordUser4: struct samr_ChangePasswordUser4
        out: struct samr_ChangePasswordUser4
            result                   : NT_STATUS_WRONG_PASSWORD


I've uploaded traces to:

https://support.microsoft.com/files?
workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiNTY5YjBlMTItMzYyNS00NjhlLWIwNjgtOTBiZDYyZDk2MTllIiwic3IiOiIyMjA3MTEwMDQwMDA4ODMyIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJhYzUxMDFlOS1mMTExLTQ5MGUtOGVlYS04NWMxNGMyNzMyNmIiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2NjU0MTQxMzEsIm5iZiI6MTY1NzYzODEzMX0.Oe0Nrl4WiClzTrLHTGeFVX6S-
oHNH4LjSGoiVF9eXNo9wN9w-
NyabVRaEUpWVvKheXcqukAuNYvxDGCnoj2ZbpPsE1JY4EByZfqC2l--8i6N0smD8Rtccd_YLg_hx9SqGO-
Dgr6Y5zLo6FMBUnfF6xQ8jhqB5a7ZJf4-
TfMnCgXDsltrLzB_JU1rLDsVGI5ZzZfN9BEOJeKxS9PJEB3azUy8lFvcMsyq8ZL5LOzyQyhg7H2CglwDjzNeGmg2Wov8vdVdh3Ahk0AZ08Otf7i-7tpggx0F9FsH13oS2j6IOzEni23z2G6AqNL4j7ss_23sCp5njIL70rvGv3LliynERA&wid=569b0e12-3625-468e-
b068-90bd62d9619e


Help here would be much appreciated. Thanks you dochelp team.


Best regards


        Andreas

-- 
Andreas Schneider                      a...@samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D



_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol

Reply via email to