[477] in Kerberos


completeness of DES_CRYPT(3)

daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Fri Aug 5 13:07:36 1988

To: kerberos@ATHENA.MIT.EDU
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

As everyone on this list probably knows, export of Kerberos outside
the U.S. leads, because it uses cryptographic techniques, into a
wonderful maze of government regulations, controls, confusion, and
related time-sinks.  I'm looking at a particular narrow question in
the middle of that maze, and would like to get opinions from anyone
who has looked at the relevant parts of Kerberos.

The question is the following: if one were to receive a copy of the
Kerberos sources with the DES library sources and binaries omitted,
would it be possible to write a working library with the information
found in the man pages labeled DES_CRYPT(3), assuming the programmer
also had copies of the relevant FIPS specifications of DES and DES
usage?

A reasonable meaning for the term "working library" is that servers
and clients could interwork in any combination: e.g., a client loaded
with the standard distribution library could get tickets from a
server loaded with the newly-programmed library, and that those
tickets would be recognized by servers loaded with either the
standard distribution or the newly-programmed library.  All clients
(including, e.g., password-changing commands) should interwork.

A weaker definition of "working library" (let's call this "working
without interworking") would be that the resulting library could be
used to put together a complete self-consistent set of clients and
servers that work together but that don't work across the net with
clients or servers from a realm that uses the standard distribution.

There are two obvious possible stumbling blocks:

1.  The algorithm to be used by subroutine string-to-key is not
specified in DES_CRYPT(3), but a first look suggests that it may not
matter; as long as everyone within a single realm agrees on the
algorithm used by string-to-key within that realm, it doesn't matter
if different realms use different algorithms.  (Can anyone think of a
counterexample?)

2.  The function of pcbc_encrypt isn't specified in the FIPS
standards, but a first look at the man page suggests that it supplies
enough detail.  (Again, alternate opinions are solicited.)

Are there any others?

Thanks for your help.

					Jerry
