diff options
author | Luke Leighton <lkcl@samba.org> | 1999-11-21 19:24:01 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1999-11-21 19:24:01 +0000 |
commit | dab1a1227873f1a88dc7a4b8f63edcccd60ada85 (patch) | |
tree | c73b914c6ed0287542a0760800e3a236484b3892 /source3/libsmb/smbencrypt.c | |
parent | 680dcc934182544aa49a4a426f2263c1aaedd4aa (diff) | |
download | samba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.tar.gz samba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.tar.bz2 samba-dab1a1227873f1a88dc7a4b8f63edcccd60ada85.zip |
you know what? this sort of thing makes me laugh. hmm, what functions
have we got. and what data do we have. hmm.. i wonder what the NTLMv2
user session key can be... hmmm... weell.... there's some hidden data
here, generated from the user password that doesn't go over-the-wire,
so that's _got_ to be involved. and... that bit of data took a lot of
computation to produce, so it's probably _also_ involved... and md4 no, md5?
no, how about hmac_md5 yes let's try that one (the other's didn't work)
oh goodie, it worked!
i love it when this sort of thing happens. took all of fifteen minutes to
guess it. tried concatenating client and server challenges. tried
concatenating _random_ bits of client and server challenges. tried
md5 of the above. tried hmac_md5 of the above. eventually, it boils down
to this:
kr = MD4(NT#,username,domainname)
hmacntchal=hmac_md5(kr, nt server challenge)
sess_key = hmac_md5(kr, hmacntchal);
(This used to be commit ab174759cd210fe1be888d0c589a5b2669f7ff1e)
Diffstat (limited to 'source3/libsmb/smbencrypt.c')
-rw-r--r-- | source3/libsmb/smbencrypt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c index 659dba6562..6bc0e71f6f 100644 --- a/source3/libsmb/smbencrypt.c +++ b/source3/libsmb/smbencrypt.c @@ -479,7 +479,7 @@ void create_ntlmssp_resp(struct pwd_info *pwd, unsigned char nt_owf[128]; size_t nt_owf_len; - pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf, &nt_owf_len); + pwd_get_lm_nt_owf(pwd, lm_owf, nt_owf, &nt_owf_len, NULL); make_rpc_auth_ntlmssp_resp(&ntlmssp_resp, lm_owf, nt_owf, nt_owf_len, |