[31563] in Kerberos


RFC 3962 and DK(tkey, "kerberos") function

daemon@ATHENA.MIT.EDU (kerberos@noopy.org)
Fri Oct 9 00:12:05 2009

Date: Thu, 8 Oct 2009 21:26:00 -0400
Message-ID: <cba4e37e0910081826s5a80b478w2d2acd3b34d07cd0@mail.gmail.com>
From: kerberos@noopy.org
To: kerberos@mit.edu

Hello,

I've been working on generating AES keys for a keytab.  I've been
following RFC 3962 and 3961 and have gotten as far as implementing a
PBKDF2 function in C# per RFC 2898.  Following this high-level
representation of AES 128
(http://msdn.microsoft.com/en-us/library/dd304065%28PROT.10%29.aspx)
my results are correct thus far.  I am having a heck of a time
implementing a DK() function in C#, however.

I implemented PBKDF2(...) with C#'s Rfc2898DeriveBytes class and what
I don't quite understand is how "kerberos" is hashed against the
intermediate key generated by Rfc2898DeriveBytes to generate my AES
128, 256, etc. key.  It looks like "kerberos" has to be folded (maybe
n-folded) somehow so that I can use it as my IV, but I am not quite
sure I'm on the right track.  I've been comparing my results with
ktpass.exe (when I create a keytab w/an itercount of 4096 and type of
AES128-SHA1) to what I'm generating but no dice.

Can someone shed some light on this?

--
K
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
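
Added example, not part of the original message: a Python sketch of the RFC 3961 section 5.1 n-fold and the DK/DR chaining that RFC 3962 applies as DK(tkey, "kerberos"), where the n-folded constant is the plaintext block encrypted under tkey rather than an IV. The names nfold, dk and encrypt_block are illustrative; encrypt_block is an assumed caller-supplied function that encrypts one 16-byte block with raw AES (equivalent to CBC with a zero IV on a single block).

```python
from math import gcd
from typing import Callable


def _rotate_right(data: bytes, nbits: int) -> bytes:
    """Rotate data right by nbits, treating it as one big-endian bit string."""
    width = len(data) * 8
    nbits %= width
    value = int.from_bytes(data, "big")
    rotated = ((value >> nbits) | (value << (width - nbits))) & ((1 << width) - 1)
    return rotated.to_bytes(len(data), "big")


def nfold(data: bytes, nbytes: int) -> bytes:
    """n-fold from RFC 3961 section 5.1, producing nbytes bytes of output."""
    lcm = len(data) * nbytes // gcd(len(data), nbytes)
    # Concatenate lcm/len(data) copies, each rotated 13 bits further right.
    buf = b"".join(_rotate_right(data, 13 * i) for i in range(lcm // len(data)))
    width, acc = nbytes * 8, 0
    for off in range(0, lcm, nbytes):
        # Ones'-complement addition: wrap any carry back into the low end.
        acc += int.from_bytes(buf[off:off + nbytes], "big")
        while acc >> width:
            acc = (acc & ((1 << width) - 1)) + (acc >> width)
    return acc.to_bytes(nbytes, "big")


def dk(encrypt_block: Callable[[bytes, bytes], bytes], tkey: bytes,
       constant: bytes, keybytes: int, blockbytes: int = 16) -> bytes:
    """DK(tkey, constant) for AES, where random-to-key is the identity.

    encrypt_block(key, block) is an assumed single-block AES function
    supplied by the caller; it is not defined here.
    """
    block = nfold(constant, blockbytes)   # "kerberos" folded to one cipher block
    out = b""
    while len(out) < keybytes:            # K1 = E(tkey, folded), K2 = E(tkey, K1), ...
        block = encrypt_block(tkey, block)
        out += block
    return out[:keybytes]                 # 16 bytes for AES-128, 32 for AES-256


if __name__ == "__main__":
    # 128-fold("kerberos"), the block that gets encrypted under tkey
    print(nfold(b"kerberos", 16).hex())
```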
