[587] in Kerberos
Re: password checking
daemon@TELECOM.MIT.EDU (Ted Anderson)
Tue Jan 10 14:45:28 1989
From: Ted Anderson <ota+@ANDREW.CMU.EDU>
To: chariot@ATHENA.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: <8901101837.AA26873@VULCAN.MIT.EDU>
So what are the existing algorithms for converting long strings to DES keys?
One version I looked at (I think it was the Kerberos string_to_key) tried to fan
fold the bits of the string with XOR between the folds. This is unlikely to be
anywhere near as good as using DES.
I suggest using CBC encryption of the password string with the realm name
appended and using the last block to generate the key. This is exactly what the
Kerberos DES library routine cbc_cksum does. All we need is the key which
should be constant or easily derived on a per realm basis. I suggest the string
"kerberos" with each character left shifted one bit to avoid being bashed by the
parity fixup.
Since this is probably incompatible with current ways of handling long passwords
there would be a conversion problem. Are there a lot of long passwords out
there in Kerberos land? Vanilla Unix doesn't permit long ones at all. If we
use the old scheme for passwords of 8 chars or less and the above mechanism for
anything longer we should be able to perform the transition fairly smoothly.
Ted Anderson
