Docs on string-to-key routines?
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Mar 11 20:54:14 EST 2004
On Thursday, March 11, 2004 16:38:46 -0800 "Henry B. Hotz"
<hotz at jpl.nasa.gov> wrote:
> Where is the "real" description of the string-to-key functions, V4, AFS,
> and V5?
>
> My specific question is whether any of them have hard upper bounds on
> password length. Saw a reference that seemed to imply they were
> encryption type specific, but I can't find it again (and that doesn't
> seem quite right in any case).

String-to-key operations are indeed enctype-specific -- they need to be,
since they must produce a key that is valid for the enctype in use.

Specifications for the string-to-key algorithms for standards-track
Kerberos 5 enctypes can be found in

   draft-ietf-krb-wg-crypto-07.txt
   draft-raeburn-krb-rijndael-krb-05.txt

"Standard" Kerberos 4 supports only single-DES encryption. The
string-to-key function is the same as that described in
draft-ietf-krb-wg-crypto-07.txt for DES-CBC-CRC, with the salt string and
parameter block both empty (krb4 does not salt keys).

AFS supports only the single-DES enctype. The AFS string-to-key function
is not documented; you'll have to read the source.

All of these functions support input of essentially unlimited length.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
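
An added illustration (not part of the original message, and not code from any Kerberos implementation) of why the DES string-to-key takes input of any length: its first stage fan-folds password plus salt into 56 bits, written here from the algorithm as published in RFC 3961, the final form of the crypto draft cited above. It stops before the weak-key correction and the DES-CBC checksum pass that produce the final key; the function names are hypothetical, and the salted input is an RFC 3961 test vector.

```python
def reverse_bits(b: int) -> int:
    """Reverse the bit order of one byte."""
    return int(f"{b:08b}"[::-1], 2)


def fan_fold(password: bytes, salt: bytes = b"") -> bytes:
    """Fold password||salt of any length into 56 bits, held in 8 bytes.

    Each input byte contributes its low 7 bits. Every second 8-byte block
    is bit-reversed before being XORed in. Bit 0 of every output byte is
    left clear; it is the DES parity position.
    """
    s = password + salt
    s += b"\x00" * (-len(s) % 8)      # NUL-pad to an 8-byte boundary
    acc = [0] * 8
    for n in range(0, len(s), 8):
        block = s[n:n + 8]
        forward = (n // 8) % 2 == 0   # 1st, 3rd, ... blocks go in forward
        for i, b in enumerate(block):
            if forward:
                acc[i] ^= (b << 1) & 0xFE
            else:
                acc[7 - i] ^= reverse_bits(b) & 0xFE
    return bytes(acc)


def set_odd_parity(key: bytes) -> bytes:
    """Set bit 0 of each byte so that the byte has an odd number of 1 bits."""
    return bytes((b & 0xFE) | (1 - bin(b >> 1).count("1") % 2) for b in key)


# Sample inputs. The salted pair is a test vector from RFC 3961; the other
# two are constructed for this example.
SALTED = fan_fold(b"password", b"ATHENA.MIT.EDUraeburn")
UNSALTED = fan_fold(b"password")                       # empty salt, krb4-style
LONG = fan_fold(b"correct horse battery staple " * 400, b"EXAMPLE.COMuser")

if __name__ == "__main__":
    print("fan-fold (salted):  ", SALTED.hex())
    print("with parity bits:   ", set_odd_parity(SALTED).hex())
    print("fan-fold (unsalted):", UNSALTED.hex())
    print("long input folds to", len(LONG), "bytes")
```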