Date: Thu, 02 Apr 1998 10:26:04 -0800 From: Jeremy Allison <jallison@whistle.com> To: Luke Kenneth Casson Leighton <lkcl@switchboard.net> Subject: Re: NTLMSSP auth header
Luke Kenneth Casson Leighton wrote:
>
> and paul leach also mentioned that he is trying to get the various bods to
> consider releasing NTLMSSP documentation for public review, too.
>
Yeah it's been promised for a while. I'll believe it
when I see it.
> jeremy, do you _happen_ to know what then occurs if you negotiate "encrypt
> data"? note the "authentication verifier" at the end. paul ashton
> reckons that there is an rc4 key kicking about that decrypts the packet...
>
Nope, 'fraid not. I have ordered the DCE/RPC specs though,
and reading through them on the net I know understand
fully what the 4 byte pointer values are (that we add
as zero if there is no value, and 1 if there is - that's
wrong BTW, or did you fix this ?). I also now understand
why MS embedd NT pointer offsets into the DCE packets - it's
quite an elegent solution to cut down on bandwidth.
Bug me if you need an explaination.
Jeremy.
-- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. --------------------------------------------------------