encryption and decryption help

CD000 Albert Shen zyshen at fameg.com
Thu Jul 22 04:54:59 EDT 2004


hi, all:
 
     I program a simple client on the embedded system. I use the des-cbc-md5 and des-cbc-crc as the prefered encryption and checksum algorithm. But I find the iv for md5 mode is just 8 bytes 0 and the iv for crc is the same as the key. So I am confused bucause the ivs for these two modes are all 0 according to RFC1510. Is the rfc has been changed or MIT kdc makes a change.
 
     Another problem is when I derive an initial key from user's password, I found MIT release just use the password instead of password plus principal name and realm according to the rfc. By tracing the code, I find there are two parameters passed to string2key function---password and salt. I guess salt maybe something about principal name or realm. But every time calling this function, the salt is just NULL, why?
 
     Last question is when I get a AS-REQ packet, the padata item exists. Its type is PA-PW-SALT, but its contents is missing, what does it mean?
 
thanks all!



More information about the Kerberos mailing list