[1852] in Kerberos-V5-bugs
Re: k5 gss doesn't conform to spec
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Mar 29 12:32:23 1996
Date: Fri, 29 Mar 1996 12:32:15 -0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: "Richard Basch" <basch@lehman.com>
Cc: krb5-bugs@MIT.EDU, John Linn <linn@cam.ov.com>
In-Reply-To: "[1851] in Kerberos-V5-bugs"

   Date: Fri, 29 Mar 1996 02:10:49 -0500
   From: "Richard Basch" <basch@lehman.com>

       1.2.2.1 Checksum
       DES MAC MD5 algorithm ... A standard 64-bit DES-CBC MAC is computed per
       [FIPS PUB 113], employing the context key and a zero IV.

   If you follow the checksum logic, it uses the key as the IV.

Thanks for noticing this. A quick check through our sources indicates
that GSSAPI is the only thing that is using CKSUMTYPE_DESCBC. How to
fix this while preserving backwards compatibility may be a bit
interesting, though. For the GSSAPI, we do have an out because when
the Kerberos V5 GSSAPI gets published, it mandates a change in the OID.
So we can probably kludge something based on that.

The only question, though, is whether anything else used to use that
cksumtype. My main concern at this point is old OSF/DCE
implementations. If someone has any information on that score, I'd
appreciate hearing about it.

Thanks, regards..

						- Ted
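
The mismatch discussed in this thread, as an added example that is not krb5 code and not part of the original messages: a CBC-MAC computed with a zero IV (as the quoted spec text requires) next to one computed with the key as the IV (as the report describes), showing why the two cannot interoperate. Assumptions: toy_encrypt is a stand-in 64-bit Feistel cipher, not DES (the Python standard library has none), and the key and input are constructed sample values.

```python
import hashlib

BLOCK = 8                # DES block size in bytes
ZERO_IV = bytes(BLOCK)   # the IV the quoted spec text calls for

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key, block):
    # Stand-in 64-bit block cipher (4-round Feistel over SHA-256). NOT DES;
    # it only needs to be a keyed permutation for the comparison below.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, xor(left, f)
    return left + right

def cbc_mac(key, iv, data, encrypt=toy_encrypt):
    # CBC-MAC: chain every block through the cipher, keep only the last output.
    if len(iv) != BLOCK or not data or len(data) % BLOCK:
        raise ValueError("IV must be one block; data a non-empty multiple of it")
    state = iv
    for off in range(0, len(data), BLOCK):
        state = encrypt(key, xor(state, data[off:off + BLOCK]))
    return state

def mac_per_spec(key, data):
    return cbc_mac(key, ZERO_IV, data)

def mac_key_as_iv(key, data):
    return cbc_mac(key, key, data)   # behaviour reported in the thread

def interop_report(key, data):
    spec, keyiv = mac_per_spec(key, data), mac_key_as_iv(key, data)
    # Key-as-IV is the spec MAC of the data with its first block XORed with
    # the key, so a conforming peer verifies a different message.
    shifted = xor(data[:BLOCK], key) + data[BLOCK:]
    return {
        "spec": spec.hex(),
        "key_as_iv": keyiv.hex(),
        "interoperable": spec == keyiv,
        "key_iv_equals_spec_on_shifted_input": mac_per_spec(key, shifted) == keyiv,
    }

KEY = bytes.fromhex("0123456789abcdef")                     # constructed key
DIGEST = hashlib.md5(b"constructed sample token").digest()  # 16-byte input

if __name__ == "__main__":
    print(interop_report(KEY, DIGEST))
```

Because the cipher is a permutation, any nonzero key used as the IV changes the first cipher input and therefore the final MAC, so a peer that follows the spec text will reject every checksum produced the other way.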