Key derivation with non-ASCII characters
Ken Raeburn
raeburn at MIT.EDU
Thu Sep 9 12:02:45 EDT 2004
On Sep 8, 2004, at 09:14, Frank Taylor wrote:
> The client code is jKrb5 (from
> http://www.mit.edu/afs/athena/astaff/project/krb5/raeburn/jkrb5 with a
> few fixes and additions).
Uh. I'm not used to people picking stuff up out of my random
development spaces, but okay... I picked that up a while ago; IIRC
it's related to the stonesoup Java Kerberos work. I have no idea if
it's current, if they're doing more work, if other people have bug
fixes, etc. My copy certainly shouldn't be considered an authoritative
source.
> 5) Summary
>
> It seems that our client code is correct w.r.t. the draft Kerberos
> and crypto specs, however MS AD is producing/expecting different keys
> for non-7-bit-ASCII passwords even though the salt is the same.
>
> Any ideas on where to go next?
If no MS people answer promptly, I'd try a few other permutations.
Perhaps UTF-16 encodings for the password, or password and salt, for
the case where a non-ASCII character is found.
Ken
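
The permutation check suggested in the reply above can be scripted as follows. This is an added example, not code from the thread or from jKrb5; the encoding list, the sample password and salt, and the PBKDF2 stand-in for the string-to-key function are assumptions, so substitute the string-to-key of the enctype actually in use.

```python
import hashlib
import hmac
import itertools
import unicodedata

# Candidate encodings to try (assumed list, not taken from the thread).
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be", "latin-1", "cp1252")


def stand_in_s2k(password: bytes, salt: bytes) -> bytes:
    """Stand-in string-to-key (PBKDF2-HMAC-SHA1); replace with the real enctype's."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, 4096, 16)


def candidates(password: str, salt: str):
    """Yield (label, password_bytes, salt_bytes) for each encoding permutation."""
    for form in ("NFC", "NFD"):  # composed vs. decomposed accents
        pw = unicodedata.normalize(form, password)
        for pw_enc, salt_enc in itertools.product(ENCODINGS, repeat=2):
            try:
                pw_b, salt_b = pw.encode(pw_enc), salt.encode(salt_enc)
            except UnicodeEncodeError:
                continue  # this charset cannot represent the string
            yield f"{form} pw={pw_enc} salt={salt_enc}", pw_b, salt_b


def find_matches(password, salt, expected_key, s2k=stand_in_s2k):
    """Return the label of every permutation that derives expected_key."""
    return [label for label, pw_b, salt_b in candidates(password, salt)
            if hmac.compare_digest(s2k(pw_b, salt_b), expected_key)]


if __name__ == "__main__":
    # Constructed sample: pretend the server encoded the password as Latin-1.
    password, salt = "p\u00e4ssword", "EXAMPLE.COMfrank"
    server_key = stand_in_s2k(password.encode("latin-1"), salt.encode("utf-8"))
    for label in find_matches(password, salt, server_key):
        print("match:", label)
```

Several labels can match at once because some encodings produce identical bytes for a given string (an ASCII-only salt is the same in UTF-8, Latin-1 and CP1252), which is also why the mismatch only shows up for non-7-bit-ASCII passwords.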