[322] in Kerberos
storage of keys in the database and byte order
daemon@TELECOM.MIT.EDU (Jon Rochlis)
Mon Feb 22 21:34:53 1988
From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
I've discovered a nasty little gotcha in trying to set up a slave
Kerberos running on an RT. It turns out that keys stored in the
database are stored encrypted in the master key, which is all well and
good; however, the initial vector passed into pcbc_encrypt is the key
schedule (well, the first 64 bits of it anyway) *which is byte-order
dependent*. This means that the internal formats of
the database are different on different byte order architectures and
you cannot go back and forth.
All other uses of pcbc_encrypt in the krb library use the key itself as
the initial vector.
Is there a reason for this difference?
Is now the time to change the database touching programs to use the
key as the initial vector? (I'm volunteering to do it.) I count the
following programs as needing two or three lines of changes (as well
as a conversion program for the existing databases) ... kerberos.c,
kerberos_slave.c, admin_server.c, kdb_init.c, kdb_edit.c,
ext_srvtab.c, kstash.c. Any others?
I think this is important.
-- Jon
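
Added illustration, not part of the original message or of the Kerberos sources: a C sketch of why an IV taken from the raw memory of the key schedule makes the encrypted database non-portable, while an IV taken from the key bytes does not. The toy Feistel cipher stands in for DES, the schedule is assumed to be an array of 32-bit words held in host byte order, and all names and values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy 64-bit Feistel cipher standing in for DES (illustrative only, not secure). */
static uint32_t f(uint32_t r, uint32_t k) { r = (r ^ k) * 0x9E3779B1u; return r ^ (r >> 15); }
static uint64_t toy_crypt(uint64_t blk, const uint32_t ks[4], int enc) {
    uint32_t l = (uint32_t)(blk >> 32), r = (uint32_t)blk, t;
    for (int i = 0; i < 4; i++) { t = r; r = l ^ f(r, ks[enc ? i : 3 - i]); l = t; }
    return ((uint64_t)r << 32) | l;   /* final half swap lets decryption reuse the loop */
}

/* Constructed values. Assumption: the schedule is 32-bit words in host byte order. */
static const uint32_t MASTER_KS[4] = {0x01234567u, 0x89ABCDEFu, 0x0F1E2D3Cu, 0x4B5A6978u};
static const uint8_t  MASTER_KEY[8] = {0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07, 0x18};
static const uint64_t STORED_KEY = 0x1122334455667788ull;
/* First 64 bits of the schedule as raw memory on a host of the given byte order. */
static uint64_t iv_from_schedule(int big_endian) {
    uint64_t iv = 0;
    for (int w = 0; w < 2; w++)
        for (int b = 0; b < 4; b++)
            iv = (iv << 8) | ((MASTER_KS[w] >> (big_endian ? 24 - 8 * b : 8 * b)) & 0xFF);
    return iv;
}
/* The key itself is a byte array, so its memory image is identical on every host. */
static uint64_t iv_from_key(void) {
    uint64_t iv = 0;
    for (int i = 0; i < 8; i++) iv = (iv << 8) | MASTER_KEY[i];
    return iv;
}
/* PCBC: C_i = E(P_i ^ chain), P_i = D(C_i) ^ chain; chain starts as IV, then P_i ^ C_i. */
static void pcbc(uint64_t *out, const uint64_t *in, int n, uint64_t chain, int enc) {
    for (int i = 0; i < n; i++) {
        out[i] = enc ? toy_crypt(in[i] ^ chain, MASTER_KS, 1)
                     : toy_crypt(in[i], MASTER_KS, 0) ^ chain;
        chain = in[i] ^ out[i];
    }
}
/* Encrypt the stored key on the writer host, decrypt on the reader; 1 if recovered. */
int roundtrip(int sched_iv, int writer_be, int reader_be) {
    uint64_t c, p;
    pcbc(&c, &STORED_KEY, 1, sched_iv ? iv_from_schedule(writer_be) : iv_from_key(), 1);
    pcbc(&p, &c, 1, sched_iv ? iv_from_schedule(reader_be) : iv_from_key(), 0);
    return p == STORED_KEY;
}

int main(void) {
    printf("schedule IV, little-endian writer -> big-endian reader: %d\n", roundtrip(1, 0, 1));
    printf("key IV,      little-endian writer -> big-endian reader: %d\n", roundtrip(0, 0, 1));
    return 0;
}
```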