[2785] in Kerberos-V5-bugs
Re: krb5-libs/467: AFS string_to_key bounds problems...
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Sep 1 01:01:59 1997
To: deengert@anl.gov
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, Ezra Peisach <epeisach@MIT.EDU>,
krb5-bugs@MIT.EDU, krb5-unassigned@rt-11.mit.edu,
gnats-admin@rt-11.mit.edu, krb5-prs@rt-11.mit.edu
In-Reply-To: Your message of "Sat, 30 Aug 1997 20:22:58 CDT."
<3408C772.7444@anl.gov>
Date: Mon, 01 Sep 1997 01:00:48 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>Here is another approach we have been using by preceding the salt with
>AFS:
The thing that bugs me about this patch (other than the line
wrapping, which makes it impossible to feed into patch :-) ) is
that the database already _knows_ that the salt for this key uses
the AFS stringtokey algorithm ... and it's even communicated to
the client without any overloading! (Well, okay, it's told via a
preauth hint ... but that's not even that bad). I just kinda wish
there was a "salt algorithm" argument to krb5_stringtokey(), or
even a new DES-AFS encryption type which had all of the regular
DES function pointers but the right stringtokey algorithm.
I just hate overloading the salt via in-band data, I guess.
--Ken