Turning off encryption

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue Jun 18 16:13:20 EDT 2002


>I am implementing one-time-passwords into Kerberos 1.2.5.
>More specifically I'm using hardware authentication
>for the principal in question which must provide a
>one-time-password to the presented challenge.
>The get_sam_edata is done and provides the challenge.

Peter,

If you're willing to wait, I am going to be doing some serious
rototilling on the whole hardware preauthentication code and protocol.
But I think that most of us that use CRYPTOCards would prefer that the
response be used in a method that increases cryptographic entropy,
rather than just sending over the output of the card.  Talk to me
off-line if you're interested in details.

--Ken


