[329] in Kerberos
Re: re: Storage of keys...
daemon@TELECOM.MIT.EDU (Steve Miller)
Wed Feb 24 10:45:57 1988
From: miller%erlang.DEC@DECWRL.DEC.COM (Steve Miller)
To: kerberos@ATHENA.MIT.EDU, MILLER%erlang.DEC@DECWRL.DEC.COM
Right, Jon and Jeff, though it is a bit more work. I can't remember any
other reason to use the key schedule instead of the key. In the long term,
if the use of DES ever migrates towards hardware, I think you are better off
assuming you can't read the key or key schedule, and using a one-way
encrypted constant. Then the key and key schedule arguments just become
handles that point to something within the confines of the DES hardware.
But for now I think the key is ok for the IV, provided you convert the
database!
Steve
