Authentication

A CIFS server keeps an encrypted form of a client’s password. To give a client authenticated access to server resources, the server sends the client a challenge, and the client responds in a way that proves it knows the client's password.

Authentication makes use of DES encryption [5] in block mode. We denote the DES encryption function as E(K,D), which accepts a seven byte key (K) and an eight byte data block (D) and produces an eight byte encrypted data block as its value. If the data to be encrypted is longer than eight bytes, the encryption function is applied to each block of eight bytes in sequence and the results are appended together. If the key is longer than seven bytes, the data is first completely encrypted using the first seven bytes of the key, then the second seven bytes, etc., appending the results each time. In other words, to encrypt the 16 byte quantity D0D1 with the 14 byte key K0K1,

    E(K0K1,D0D1) = E(K0,D0)E(K0,D1)E(K1,D0)E(K1,D1)
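
The following sketch is an added example, not part of the original specification text; it implements the block ordering of E(K,D) described above. The DES primitive is passed in as the hypothetical parameter des_encrypt_block, xor_stand_in is a constructed placeholder that is not DES, and expand_des_key assumes the usual DES library convention of an 8-byte key with one odd-parity bit per byte, which this page does not state.

```python
from typing import Callable

# (8-byte DES key, 8-byte block) -> 8-byte ciphertext block
BlockCipher = Callable[[bytes, bytes], bytes]


def expand_des_key(k7: bytes) -> bytes:
    """Spread a 7-byte key over 8 bytes (7 key bits per byte) and set
    each low bit for odd parity, the key form DES libraries expect."""
    if len(k7) != 7:
        raise ValueError("key chunk must be exactly 7 bytes")
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:
            byte |= 1
        out.append(byte)
    return bytes(out)


def E(key: bytes, data: bytes, des_encrypt_block: BlockCipher) -> bytes:
    """E(K,D) as defined above: every 7-byte key chunk encrypts every
    8-byte data block, with the key chunk in the outer loop."""
    # Rejecting partial chunks is this example's choice; the text does not cover them.
    if not key or len(key) % 7 or not data or len(data) % 8:
        raise ValueError("key must be a multiple of 7 bytes, data of 8")
    out = bytearray()
    for k in range(0, len(key), 7):
        des_key = expand_des_key(key[k:k + 7])
        for d in range(0, len(data), 8):
            out += des_encrypt_block(des_key, data[d:d + 8])
    return bytes(out)


def xor_stand_in(key8: bytes, block8: bytes) -> bytes:
    """Constructed placeholder, NOT DES: only makes the block order visible."""
    return bytes(a ^ b for a, b in zip(key8, block8))


if __name__ == "__main__":
    K0, K1 = b"AAAAAAA", b"BBBBBBB"      # constructed sample key halves
    D0, D1 = b"00000000", b"11111111"    # constructed sample data blocks
    print(E(K0 + K1, D0 + D1, xor_stand_in).hex())
```

To get real ciphertext, pass a single-block DES encryption function from a cryptographic library in place of xor_stand_in.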

The EncryptionKey field in the SMB_COM_NEGPROT response contains an 8 byte challenge denoted below as "C8", chosen to be unique to prevent replay attacks; the client responds with a 24 byte response denoted "P24", and computed as described below. (Note: the name "EncryptionKey" is historical -- it doesn't actually hold an encryption key.)

Clients send the response to the challenge in the SMB_COM_TREE_CONNECT, SMB_COM_TREE_CONNECT_ANDX, and/or SMB_COM_SESSION_SETUP_ANDX request which follows the SMB_COM_NEGPROT message exchange. The server must validate the response by performing the same computations the client did to create it, and ensuring the strings match.

If the comparisons fail, the client system may be incapable of encryption; if so, the string may be the user password in clear text. The server should try to validate the string as though it were the unencrypted password.

The SMB field used to store the response depends upon the request:

(Note: again, the names are historical, and do not reflect this usage.)

The contents of the response to the challenge depend on the CIFS dialect, as outlined in the following sections: