[1015] in Kerberos_V5_Development
Re: Quick audit of change to new_rn_key.c, please
daemon@ATHENA.MIT.EDU (Richard Basch)
Thu Feb 22 11:19:55 1996
Date: Thu, 22 Feb 1996 11:18:10 -0500
To: Barry Jaspan <bjaspan@bbnplanet.com>
Cc: "Theodore Ts'o" <tytso@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: <9602221600.AA00468@cilantro.bbnplanet.com>
From: "Richard Basch" <basch@lehman.com>
The problem is that the eight bytes being passed in might not be a DES
key at all, but just some random confounder, or the result of another
cryptosystem, so such a check should be done. If the confounder is
guessable, well, then it isn't much of a confounder. The idea is to
provide a truly random or secret value as a seed, not that it
necessarily is a DES key.
On Thu, 22-February-1996, "Barry Jaspan" wrote to "Theodore Ts'o, krbdev@MIT.EDU" saying:
>
> + if (mit_des_is_weak_key(fixed_key)) {
> + fixed_key[0] ^= 0xF0;
> + mit_des_fixup_key_parity(fixed_key);
> + }
>
> If someone discovered a bug in the code that resulted in an invalid or
> weak key being passed to this function, it seems to me they might also
> know the value of the key passed (all zeros, for example). In which
> case, flipping four bits might not help much. What you really want in
> this case is to choose a new "random" key... but of course that is
> circular. So I don't know what to do.
>
> Does this make any sense?
>
> Barry
--
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
