[31298] in Kerberos

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Problem writing keyblock to krb5.keytab w/keytab binary format.

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Jul 15 15:16:58 2009

From: Ken Raeburn <raeburn@mit.edu>
To: kerberos@noopy.org
In-Reply-To: <cba4e37e0907150936y7c698987g4075754c9eb9f510@mail.gmail.com>
Message-Id: <F842A520-104A-4179-9429-A10F53B3BD4A@mit.edu>
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Wed, 15 Jul 2009 15:16:40 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Jul 15, 2009, at 12:36, kerberos@noopy.org wrote:
> In my DES calls I:
>  - pad and convert the salt from string to unsigned long to byte[8].
>  - use the converted salt as the key and initialization vector.
>  - use a cipher mode of CBC.
>  - write password to crypto stream.
>  - return array of bytes that reflect my encrypted key.
>  - binary write keyblock to new.keytab.

This is not the mechanism Kerberos uses for generating a DES key from  
a password and salt.  Check RFC 3961, particularly section 6.2.

-- 
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home	help	back	first	fref	pref	prev	next	nref	lref	last	post