2.2.6.21 SAMPR_ENCRYPTED_USER_PASSWORD

msdn link

The SAMPR_ENCRYPTED_USER_PASSWORD structure carries an encrypted string.

 typedef struct _SAMPR_ENCRYPTED_USER_PASSWORD {
   unsigned char Buffer[(256 * 2) + 4];
 } SAMPR_ENCRYPTED_USER_PASSWORD,
  *PSAMPR_ENCRYPTED_USER_PASSWORD;

Buffer: An array to carry encrypted cleartext password data. The encryption key is method-specific, while the algorithm specified in section 3.2.2.1 is common for all methods that use this structure. See the message syntax for SamrOemChangePasswordUser2 (section 3.1.5.10.2) and SamrUnicodeChangePasswordUser2 (section 3.1.5.10.3), and the message processing for SamrSetInformationUser2 (section 3.1.5.6.4), for details on the encryption key selection. The size of (256 * 2) + 4 for Buffer is determined by the size of the structure that is encrypted, SAMPR_USER_PASSWORD; see below for more details.

For all protocol uses, the decrypted format of Buffer is the following structure.

 typedef struct _SAMPR_USER_PASSWORD {
     wchar_t       Buffer[256];
     unsigned long Length;
 } SAMPR_USER_PASSWORD, *PSAMPR_USER_PASSWORD;

Buffer: This array contains the cleartext value at the end of the buffer. The start of the string is Length number of bytes from the end of the buffer. The cleartext value can be no more than 512 bytes. The unused portions of SAMPR_USER_PASSWORD.Buffer SHOULD be filled with random bytes by the client. The value 512 is chosen because that is the longest password allowed by this protocol (and enforced by the server).

Length: An unsigned integer, in little-endian byte order, that indicates the number of bytes of the cleartext value located in SAMPR_USER_PASSWORD.Buffer.

Implementations of this protocol MUST protect the SAMPR_ENCRYPTED_USER_PASSWORD structure by encrypting the 516 bytes of data referenced in its Buffer field on request (and reply), and decrypting on receipt. See section 3.2.2.1 for the specification of the algorithm performing encryption and decryption.