[954] in Kerberos_V5_Development
Re: 3-DES string-to-key algorithm
daemon@ATHENA.MIT.EDU (eichin@cygnus.com)
Thu Nov 30 21:53:43 1995
Date: Thu, 30 Nov 95 21:52:27 EST
To: tytso@MIT.EDU
Cc: basch@lehman.com, sommerfeld@orchard.medford.ma.us, cvs-krb5@MIT.EDU,
krbdev@MIT.EDU
In-Reply-To: <9512010120.AA14269@dcl.MIT.EDU> (tytso@MIT.EDU)
From: eichin@cygnus.com
I'll note that under krb4, the key schedule code returns with an error
that is (almost?) universally *ignored* with the side effect that the
key schedule remains uninitialized. (remeber the first round of telnet
bugs? the key-validation checks were for parity, that time, but
there's a weak key test in the same place!) So anyone who has
generated weak keys in v4 is completely screwed :-) It seems quite
reasonable to spec the xor 0xf0 - given that the alternative is to
throw in an abort (after all, it won't happen, right? :-)
_Mark_ <eichin@cygnus.com>
Cygnus Support, Eastern USA
