[1158] in Kerberos_V5_Development


Another rfc1510 violation

daemon@ATHENA.MIT.EDU (Richard Basch)
Fri May 10 15:34:54 1996

Date: Fri, 10 May 1996 15:33:10 -0400
To: tytso@MIT.EDU, krbdev@MIT.EDU
From: "Richard Basch" <basch@lehman.com>

I started gluing in the SHA layer by modifying the md5 glue routines and
found a few more possible problems.

If you look at md5crypto.c, you will notice that the checksum
calculation routine takes:
	(..., in, in_length, confound, confound_length)
however, it is called consistently with:
	(..., confound, confound_length, in, in_length)

OOPS... the md5 is being computed on the message followed by the
confounder, instead of the other way round.

I also realized that a lot of the logic was broken with regard to the
encrypted vs. decrypted sizes, but of course that won't show with MD5,
since it conveniently takes up 2 des_cblocks.  People who wish to add to
the crypto layer may want to try cribbing from the sha version, when
that is proven...

Richard Basch                   
Sr. Developer/Analyst           URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor      Fax:   +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049
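
The argument-order mismatch described in the message above, as an added illustration that is not part of the original post and not the MIT Kerberos source: a Python stand-in for the C checksum routine showing that swapped same-typed arguments pass a round-trip self-test but fail against a peer that hashes confounder-then-message. All function names and sample values are hypothetical, and the DES encryption step of the RFC 1510 checksum is omitted.

```python
import hashlib
import hmac

# Constructed sample values: an 8-byte confounder (one DES block) and a message.
CONFOUNDER = bytes(range(8))
MSG = b"constructed sample message"

def md5_checksum(data: bytes, confounder: bytes) -> bytes:
    # Callee in the (in, confound) parameter order: digest covers confounder, then data.
    return hashlib.md5(confounder + data).digest()

def make_swapped(msg: bytes, confounder: bytes) -> bytes:
    # Call site in the (confound, in) order: both arguments are bytes, so nothing
    # complains, and the digest silently becomes MD5(msg || confounder).
    return md5_checksum(confounder, msg)

def make_reference(msg: bytes, confounder: bytes) -> bytes:
    # What a peer hashing confounder-then-message computes.
    return hashlib.md5(confounder + msg).digest()

def md5_checksum_kw(*, data: bytes, confounder: bytes) -> bytes:
    # Hardened signature: keyword-only parameters make a positional swap a TypeError.
    return hashlib.md5(confounder + data).digest()

def interop_report(msg: bytes = MSG, confounder: bytes = CONFOUNDER) -> dict:
    swapped = make_swapped(msg, confounder)
    reference = make_reference(msg, confounder)
    return {
        # Same code generates and verifies: the swap cancels out, self-test passes.
        "swapped_self_verify": hmac.compare_digest(swapped, make_swapped(msg, confounder)),
        # A confounder-first peer rejects the swapped digest.
        "swapped_vs_reference": hmac.compare_digest(swapped, reference),
        # The keyword-only variant agrees with the confounder-first peer.
        "kw_vs_reference": hmac.compare_digest(
            md5_checksum_kw(data=msg, confounder=confounder), reference),
    }

if __name__ == "__main__":
    for name, ok in interop_report().items():
        print(f"{name}: {ok}")
```

Because generation and verification share the swapped call, only a comparison against an independently produced checksum exposes the mismatch.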

