List: cifs-protocol
Subject: Re: [cifs-protocol] MSFT-CVE-2022-21925 MS-BKRP 3.2.4.1 Performing Client-Side Wrapping of Secrets -
From: Stefan Metzmacher via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date: 2022-07-25 21:45:06
Message-ID: de273d05-ea0e-4cd7-5e1a-4908f598a249 () samba ! org
On 25.07.22 at 23:37, Andrew Bartlett wrote:
> On Mon, 2022-07-25 at 16:55 +0200, Stefan Metzmacher via cifs-protocol
> wrote:
>> Ok, at this point we managed to get it working by removing the
>> BCKUPKEY_PREFERRED (symlink),
>>
>> which means a new public key pair with a new certificate was
>> generated (with a current samba version).
>>
>> It seems certificates generated by 10 year old samba versions are not
>> accepted.
>
> From memory I think they got generated short, perhaps by just 1 bit
> (the leading bit was 0) or our key length was 1024 or such.
2047 bits, but there were also a lot of other differences.
I also noticed Windows is using a null-terminated utf-16le string
as gnutls_x509_crt_set_[issuer_]dn(), see
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=6f74c7351ab027b52c4ad326d059930ac1e88f65
metze
_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol