encryption and decryption help
CD000 Albert Shen
zyshen at fameg.com
Thu Jul 22 04:54:59 EDT 2004
hi, all:
I program a simple client on the embedded system. I use the des-cbc-md5 and des-cbc-crc as the prefered encryption and checksum algorithm. But I find the iv for md5 mode is just 8 bytes 0 and the iv for crc is the same as the key. So I am confused bucause the ivs for these two modes are all 0 according to RFC1510. Is the rfc has been changed or MIT kdc makes a change.
Another problem is when I derive an initial key from user's password, I found MIT release just use the password instead of password plus principal name and realm according to the rfc. By tracing the code, I find there are two parameters passed to string2key function---password and salt. I guess salt maybe something about principal name or realm. But every time calling this function, the salt is just NULL, why?
Last question is when I get a AS-REQ packet, the padata item exists. Its type is PA-PW-SALT, but its contents is missing, what does it mean?
thanks all!
More information about the Kerberos
mailing list