[1014] in Kerberos_V5_Development
Re: Quick audit of change to new_rn_key.c, please
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu Feb 22 11:00:40 1996
Date: Thu, 22 Feb 96 11:00:57 EST
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: Theodore Ts'o <tytso@MIT.EDU>
Cc: krbdev@MIT.EDU
In-Reply-To: [1013]
+ if (mit_des_is_weak_key(fixed_key)) {
+ fixed_key[0] ^= 0xF0;
+ mit_des_fixup_key_parity(fixed_key);
+ }
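Review bot: the result of the `if` body is never re-checked and the choice of constant is undocumented: after `fixed_key[0] ^= 0xF0` and `mit_des_fixup_key_parity(fixed_key)`, nothing calls `mit_des_is_weak_key` again, and no comment says why flipping the high nibble of byte 0 is sufficient. Add a comment stating why the adjusted key cannot itself be in the weak-key table, or re-test after the fixup. The comment should also note that the adjustment is a fixed transform of the input, so it avoids the weak-key property but adds no unpredictability to the key.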
If someone discovered a bug in the code that resulted in an invalid or
weak key being passed to this function, it seems to me they might also
know the value of the key passed (all zeros, for example). In which
case, flipping four bits might not help much. What you really want in
this case is to choose a new "random" key... but of course that is
circular. So I don't know what to do.
Does this make any sense?
Barry
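The concern raised in this message, worked through as an added example (not part of the original message and not MIT Kerberos code): it applies the quoted fallback to every weak and semi-weak DES key and counts how many outputs are still weak and how many are derivable from the input alone. `is_weak` and `fix_parity` are stand-ins written for this example, assumed to behave like `mit_des_is_weak_key` and `mit_des_fixup_key_parity`.

```c
#include <stdint.h>
#include <string.h>
/* The 4 weak and 12 semi-weak DES keys, odd parity (standard list). */
static const uint8_t WEAK[16][8] = {
    {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
    {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
    {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
    {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
    {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
    {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
    {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
    {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1},
};
/* Stand-in (assumption) for mit_des_is_weak_key(): lookup in the table above. */
static int is_weak(const uint8_t k[8]) {
    for (int i = 0; i < 16; i++)
        if (memcmp(k, WEAK[i], 8) == 0) return 1;
    return 0;
}
/* Stand-in (assumption) for mit_des_fixup_key_parity(): odd parity per byte. */
static void fix_parity(uint8_t k[8]) {
    for (int i = 0; i < 8; i++) {
        uint8_t b = k[i] & 0xFE, ones = 0;
        for (uint8_t m = 0x80; m > 1; m >>= 1) ones += (b & m) != 0;
        k[i] = b | ((ones & 1) ^ 1);
    }
}
/* The fallback from the quoted patch, applied to a copy of `in`. */
void patched(const uint8_t in[8], uint8_t out[8]) {
    memcpy(out, in, 8);
    if (is_weak(out)) { out[0] ^= 0xF0; fix_parity(out); }
}

/* Table entries that are still weak after the fallback. */
int still_weak_count(void) {
    uint8_t out[8]; int n = 0;
    for (int i = 0; i < 16; i++) { patched(WEAK[i], out); n += is_weak(out); }
    return n;
}

/* Outputs equal to the input with byte 0 ^ 0xF0, i.e. derivable from the input. */
int predictable_count(void) {
    uint8_t out[8]; int n = 0;
    for (int i = 0; i < 16; i++) {
        patched(WEAK[i], out);
        n += out[0] == (WEAK[i][0] ^ 0xF0) && !memcmp(out + 1, WEAK[i] + 1, 7);
    }
    return n;
}
```

None of the 16 outputs is weak, and all 16 are fully determined by the input: the check removes the weak-key property without adding any secrecy to a key whose value is already known.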