SMB 2 and SMB 3 security in Windows 10: the anatomy of signing and cryptographic keys

Signing is an integral security feature in SMB2 since its inception. Encryption starts in SMB3 as an important security enhancement. This article reviews the security evolution of the authenticated session as well as computation of keys used in SMB 2.x through 3.1.1 dialects. It provides test vectors for key computation in SMB 3.0 and SMB…


How Kerberos user-to-user authentication works?

The Kerberos user-to-user (U2U) authentication mechanism enables a client to authenticate to a service that is not in possession of the long-term secret key. U2U allows one principal to authenticate using a ticket encrypted with the session key from a TGT issued to another principal. This article discusses the messages involved in the mechanism. It…