[388] in Kerberos
Re: faster encrypted rlogin
daemon@TELECOM.MIT.EDU (Steve Miller)
Mon Jun 6 15:16:23 1988
From: miller%erlang.DEC@DECWRL.DEC.COM (Steve Miller)
To: kerberos@ATHENA.MIT.EDU, MILLER%erlang.DEC@DECWRL.DEC.COM

Ken and Jeff's suggestion sounds like a variation on a Vernam cipher,
or one-time-pad. A true random bit stream used as the XOR is uncrackable,
if used only once, and is used for the highest security level communications.

So the question is to make sure you get a good pseudo-random stream from
the DES seed, and don't reuse it. The reuse is a problem with Kerberos,
since the Session key is valid for some considerable time -- actually
can be multiple sessions.

You could use the DES output feedback (OFB) mode to produce the bit stream,
or even better, according to our crypto guru, just use a counter that
doesn't wrap, e.g. >=32 bits, and encrypt the counter.

Let me know how it works out.

Steve.
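
The keystream-reuse concern and the encrypted-counter suggestion in the message above, as an added example that is not part of the original post. `block_encrypt` is a stand-in for DES (truncated HMAC-SHA256, used only because Python's standard library has no DES); the 64-bit counter width, the idea of carrying the counter across sessions, and the key and plaintexts are assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 8  # DES block size in bytes

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for DES-encrypting one 8-byte block (assumption: truncated
    # HMAC-SHA256, chosen only because the standard library has no DES).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class CounterStream:
    """Keystream E_k(n), E_k(n+1), ... from a counter that refuses to wrap."""

    def __init__(self, key: bytes, start: int = 0, bits: int = 64):
        self.key, self.counter, self.limit = key, start, 1 << bits

    def keystream(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            if self.counter >= self.limit:
                raise OverflowError("counter exhausted; obtain a new session key")
            out += block_encrypt(self.key, self.counter.to_bytes(BLOCK, "big"))
            self.counter += 1
        return out[:n]

    def crypt(self, data: bytes) -> bytes:
        # XOR is its own inverse, so this both encrypts and decrypts.
        return xor_bytes(data, self.keystream(len(data)))

def leak_when_restarted(key: bytes, p1: bytes, p2: bytes) -> bytes:
    # Two sessions under one session key, each restarting the counter at 0:
    # the keystream cancels, leaving p1 XOR p2 visible on the wire.
    return xor_bytes(CounterStream(key).crypt(p1), CounterStream(key).crypt(p2))

def leak_when_continued(key: bytes, p1: bytes, p2: bytes) -> bytes:
    # Counter state carried across sessions for the key's lifetime: no block repeats.
    stream = CounterStream(key)
    return xor_bytes(stream.crypt(p1), stream.crypt(p2))

# Constructed sample values, not from the original message.
KEY = b"constructed-session-key"
P1 = b"cat /etc/motd   "
P2 = b"ls -l /usr/local"
```

With the counter restarted, `leak_when_restarted(KEY, P1, P2)` equals the XOR of the two plaintexts regardless of the key; with the counter continued, the two ciphertexts no longer cancel.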