[31566] in Kerberos


Re: RFC 3962 and DK(tkey, "kerberos") function

daemon@ATHENA.MIT.EDU (kerberos@noopy.org)
Fri Oct 9 12:10:38 2009

MIME-Version: 1.0
In-Reply-To: <1255096134.24377.62.camel@ray>
Date: Fri, 9 Oct 2009 12:05:40 -0400
Message-ID: <cba4e37e0910090905r344177e7v704b14758c918fbe@mail.gmail.com>
From: kerberos@noopy.org
To: Greg Hudson <ghudson@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On Fri, Oct 9, 2009 at 9:48 AM, Greg Hudson <ghudson@mit.edu> wrote:
> On Thu, 2009-10-08 at 21:26 -0400, kerberos@noopy.org wrote:
>> It looks like "kerberos" has to be folded (maybe
>> n-folded) somehow so that I can use it as my IV, but I am not quite
>> sure I'm on the right track.
>
> You do need to n-fold "kerberos" to the block size (128 bits).  I'm not
> sure I can describe n-fold better than the RFC; I suggest using the test
> vectors from RFC 3961 to determine when you've gotten it right.

Okay, I think I found an older posting from the archives that might be useful:

  http://mailman.mit.edu/pipermail/krbdev/2009-April/007656.html

In short:

"
The pseudocode for DES3string-to-key in RFC 3961 includes:

      s = passwordString + salt
      tmpKey = random-to-key(168-fold(s))
      key = DK (tmpKey, KerberosConstant)

So n-fold scrambles the salt and password together.  The DK function
basically iteratively encrypts the KerberosConstant (64-fold of the
string "kerberos") and uses the output blocks concatenated to generate
the final key.
"

Yes, I know it's about DES3, but I assume my version will instead
128-fold the string "kerberos" in my DK() method?

-- 
K

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
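
Added example, not part of the original message or of any Kerberos code base: a Python implementation of the n-fold operation from RFC 3961, checked against test vectors from that RFC's appendix A.1, including the 128-fold of "kerberos" that the thread asks about. The function and variable names are this example's own.

```python
"""n-fold from RFC 3961, checked against the RFC's own test vectors."""
from math import gcd


def _rotate_right(data: bytes, nbits: int) -> bytes:
    """Rotate the whole byte string right by nbits, as one big-endian integer."""
    width = len(data) * 8
    nbits %= width
    value = int.from_bytes(data, "big")
    rotated = ((value >> nbits) | (value << (width - nbits))) & ((1 << width) - 1)
    return rotated.to_bytes(len(data), "big")


def n_fold(data: bytes, nbits: int) -> bytes:
    """Fold data down (or stretch it up) to exactly nbits bits."""
    if not data or nbits <= 0 or nbits % 8:
        raise ValueError("need non-empty input and a positive multiple of 8 bits")
    nbytes = nbits // 8
    lcm = nbytes * len(data) // gcd(nbytes, len(data))
    # Concatenate copies of the input, the i-th copy rotated right by 13*i bits,
    # until the total length is lcm(input length, output length).
    big = b"".join(_rotate_right(data, 13 * i) for i in range(lcm // len(data)))
    # Add the nbytes-wide slices as ones'-complement integers (end-around carry).
    mask = (1 << nbits) - 1
    acc = 0
    for off in range(0, lcm, nbytes):
        acc += int.from_bytes(big[off:off + nbytes], "big")
        while acc >> nbits:
            acc = (acc & mask) + (acc >> nbits)
    return acc.to_bytes(nbytes, "big")


# Test vectors from RFC 3961, appendix A.1: (input, output bits, expected hex).
RFC3961_VECTORS = [
    (b"012345", 64, "be072631276b1955"),
    (b"password", 56, "78a07b6caf85fa"),
    (b"Q", 168, "518a54a215a8452a518a54a215a8452a518a54a215"),
    (b"kerberos", 64, "6b65726265726f73"),
    (b"kerberos", 128, "6b65726265726f737b9b5b2b93132b93"),
]


def failed_vectors():
    """Return the vectors this implementation gets wrong (empty means all pass)."""
    return [(d, n) for d, n, want in RFC3961_VECTORS if n_fold(d, n).hex() != want]


if __name__ == "__main__":
    print("failures:", failed_vectors())
    print("128-fold('kerberos') =", n_fold(b"kerberos", 128).hex())
```

When the input and output are the same length, as with 64-fold("kerberos"), only one unrotated copy is used and the output equals the input; the 128-bit form appends the copy rotated by 13 bits.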

