Wireshark · Ethereal-dev: Re: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding

Ethereal-dev: Re: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Tim Potter <tpot@xxxxxxxxx>

Date: Fri, 25 Jul 2003 11:03:07 +1000

On Thu, Jul 24, 2003 at 04:48:59PM -0400, Devin Heitmueller wrote:

> > Perhaps Microsoft "embraced and extended" that field to specify padding
> > to make the stub data a multiple of 16 bytes for NTLMSSP (I think I
> > mentioned that possibility in mail on this topic a while ago), but the
> > DCE RPC 1.1 spec, at least, seems to indicate that it's there to align
> > the fields of an "auth_verifier_co_t" on a 4-byte boundary.
> 
> I don't see any incentive from a design standpoint, but who knows.... 
> My only thought was if they wanted to work with block ciphers that
> operate on 128 bits at a time.  I know you mentioned this previously,
> and I had forgotten.

I think this is correct.  My NETLOGON secure channel decryptor wasn't
decrypting packets properly until I included the padding in the data
stream.  It was one of those 'aha' moments.


Tim.

References:
- RE: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding
  - From: Devin Heitmueller
- Re: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding
  - From: Guy Harris
- Re: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding
  - From: Devin Heitmueller

Prev by Date: Re: [Ethereal-dev] New preference for tcp
Next by Date: [Ethereal-dev] [PATCH] WSP parsing of x-wap.tod encoded as text
Previous by thread: Re: [Ethereal-dev] Fix for NTLMSSP decryption support with DCE/RPC auth padding
Next by thread: [Ethereal-dev] Compiling ethereal with glib2 and gtk1.3 on Win32
Index(es):
- Date
- Thread