[31564] in Kerberos
Re: RFC 3962 and DK(tkey, "kerberos") function
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Oct 9 09:49:24 2009
From: Greg Hudson <ghudson@mit.edu>
To: "kerberos@noopy.org" <kerberos@noopy.org>
In-Reply-To: <cba4e37e0910081826s5a80b478w2d2acd3b34d07cd0@mail.gmail.com>
Date: Fri, 09 Oct 2009 09:48:54 -0400
Message-Id: <1255096134.24377.62.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 2009-10-08 at 21:26 -0400, kerberos@noopy.org wrote:
> It looks like "kerberos" has to be folded (maybe
> n-folded) somehow so that I can use it as my IV, but I am not quite
> sure I'm on the right track.
You do need to n-fold "kerberos" to the block size (128 bits). I'm not
sure I can describe n-fold better than the RFC; I suggest using the test
vectors from RFC 3961 to determine when you've gotten it right.
You do not need to fiddle with IVs. Once you have n-folded "kerberos"
to 128 bits, you just encrypt those 128 bits with the intermediate key
to produce the 128 bits of the final key. For AES-256, you encrypt the
first 128 bits of the final key with the intermediate key (again) to
produce the other 128 bits of the final key. Again, I suggest using the
test vectors from RFC 3962 as an authoritative check, in case you're
making incorrect assumptions about the usage of ktpass.exe.
Best of luck!
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
