Wireshark-bugs: [Wireshark-bugs] [Bug 10777] New: Description for `smb.encryption_key` is probab
Date: Mon, 15 Dec 2014 14:11:22 +0000
Bug ID 10777
Summary Description for `smb.encryption_key` is probably inaccurate.
Product Wireshark
Version 1.12.2
Hardware x86-64
OS Windows 8.1
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter taopy@qq.com

Created attachment 13324 [details]
an SMB session

Build Information:
Version 1.12.2 (v1.12.2-0-g898fa22 from master-1.12)
--
Protocol: SMB
Packet: Negotiate Protocol Response

In the response packet, SMB Server will return a **nonce** if
Challenge/Response Authentication is enabled. The **nonce** corresponds to the
field named **Encryption Key** in Wireshark.

**Encryption Key** will mislead users to regard this as **a key for cipher
algorithms**. However, this nonce is been used as the **plain text** input of
DES or HMAC-MD5 than the **key** input in NTLMv1/2. [1]

So I suggest changing the field name from **Encryption Key** to **Challenge
Nonce** or other appropriate words.

Thanks for reading.

Reference:
[1]:http://en.wikipedia.org/wiki/NT_LAN_Manager#NTLMv1


You are receiving this mail because:
  • You are watching all bug changes.