[31578] in Kerberos
Re: RFC 3962 and DK(tkey, "kerberos") function
daemon@ATHENA.MIT.EDU (kerberos@noopy.org)
Tue Oct 13 15:44:03 2009
MIME-Version: 1.0
In-Reply-To: <ldvskds8rbm.fsf@cathode-dark-space.mit.edu>
Date: Tue, 13 Oct 2009 15:42:19 -0400
Message-ID: <cba4e37e0910131242y7c4bb52auaca0b76055c71181@mail.gmail.com>
From: kerberos@noopy.org
To: Tom Yu <tlyu@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hello,
Thanks for your response! Further stuff inline.
On Fri, Oct 9, 2009 at 12:28 PM, Tom Yu <tlyu@mit.edu> wrote:
>
> The IV is also known as the "cipher state" for CBC ciphers, and each
> cryptosystem specification includes a default initial cipher state.
> For "simplified profile" (e.g. DES3 and AES) cryptosystems, this is
> all-bits-zero.
OK.
>
> The DK function uses n-fold to expand the well-known constant
> "kerberos" to a full cipher block length and then uses a temporary key
> to encrypt that block. It does not use the n-folded constant as an
> IV. In the case of AES, the temporary key is the output of PBKDF2.
>
When using the following from test vectors as written in
http://www.apps.ietf.org/rfc/rfc3962.html Appendix B, Example 1
(Iteration count = 1, Pass phrase = "password", Salt =
"ATHENA.MIT.EDUraeburn"):
- My Rfc2898DeriveBytes(...) function matches the 128-bit PBKDF2
output when I use the values above.
- My N-fold function for "kerberos" matches the test vectors for
128-fold "kerberos" in
http://www.apps.ietf.org/rfc/rfc3961.html#sec-A.1.
My 128-bit AES key *doesn't* match the one in
http://www.apps.ietf.org/rfc/rfc3962.html Appendix B, Example 1. I'm
not clear why this is happening -- but suspect the problem lies
somewhere in what I'm encrypting rather than in creating a temporary
key or in my n-folding function. Basically what I'm trying to do in
my DK function is: "encrypt my 'kerberos' block with the temporary key
I got from my derive bytes function."
Am I understanding how I create the final key correctly here?
--
K
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
