[16666] in Kerberos_V5_Development
DES string-to-key and crypto modules
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Sat Mar 5 14:04:34 2011
Date: Sat, 5 Mar 2011 14:04:25 -0500 (EST)
From: ghudson@mit.edu
Message-Id: <201103051904.p25J4Ppb000442@outgoing.mit.edu>
To: krbdev@mit.edu

Currently libk5crypto delegates responsibility for string-to-key to
the modules. There are some issues with this:

* OpenSSL implements DES_string_to_key() as some kind of ancient
  backwards-compatibility measure, but at least in the version I
  tested (1.0.0a), it did not appear to correctly handle weak
  keys--there's code for it, but it's #ifdef'd out. As a consequence,
  it produces wrong answers for two of the test vectors in RFC 3960.
  The chances of running into this case non-deliberately in operation
  are, of course, quite low.

* I don't think NSS implements it at all. (Currently, the NSS module
  does completely the wrong thing for DES string to key, I believe;
  I'm treating that as a bug.)

My inclination is to move the built-in DES string-to-key into
lib/crypto/krb and stop asking the modules to do it, as it's far from
a standard crypto primitive like PBKDF2. Does that seem reasonable?