Key derivation with non-ASCII characters
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Sep 21 10:15:29 EDT 2004
Thanks to Microsoft we have an answer to this question.
Apparently, Windows does not use UTF-8 for the DES string to key
operations. UTF-8 is only used for RC4-HMAC.
In the DES string to key operations, the current locally defined
OEM Code Page is used.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage\OEMCP.
Of course, this can result in all of the problems associated with
non-ASCII characters as described in Kerberos Clarifications if the
OEM Code Page of the client does not match the character-set of the
KDC.
If you are going to use DES keys you had better stick to ASCII only
names.
Jeffrey Altman
More information about the Kerberos
mailing list