Key derivation with non-ASCII characters

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Sep 21 10:15:29 EDT 2004


Thanks to Microsoft we have an answer to this question.
Apparently, Windows does not use UTF-8 for the DES string-to-key
operations.  UTF-8 is only used for RC4-HMAC.

In the DES string-to-key operations, the current locally defined
OEM Code Page is used.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage\OEMCP.

Of course, this can result in all of the problems associated with 
non-ASCII characters as described in Kerberos Clarifications if the
OEM Code Page of the client does not match the character-set of the
KDC.

If you are going to use DES keys, you had better stick to ASCII-only
names.

Jeffrey Altman
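
Added example, not part of the original message: a check for whether a password and salt produce the same string-to-key input bytes under several encodings, which is the precondition for the client and the KDC deriving the same DES key. The code-page list, realm, principal and passwords are constructed for illustration; the salt is assumed to be the default Kerberos salt (realm followed by the principal name).

```python
"""Compare the bytes different clients would feed to DES string-to-key."""

# Code pages picked for illustration (assumption); the OEM code page on a
# real host is whatever its OEMCP registry value names.
ENCODINGS = ["cp437", "cp850", "cp866", "utf-8"]


def s2k_input(password, salt, encoding):
    """Return password||salt encoded in `encoding`, or None if a character
    has no representation in that code page."""
    try:
        return (password + salt).encode(encoding)
    except UnicodeEncodeError:
        return None


def group_by_bytes(password, salt, encodings=ENCODINGS):
    """Map each distinct byte string to the encodings that produce it."""
    groups = {}
    for enc in encodings:
        groups.setdefault(s2k_input(password, salt, enc), []).append(enc)
    return groups


def interoperable(password, salt, encodings=ENCODINGS):
    """True only if every encoding yields the same, encodable byte string."""
    groups = group_by_bytes(password, salt, encodings)
    return len(groups) == 1 and None not in groups


if __name__ == "__main__":
    # Constructed sample realm, principal and passwords.
    salt = "EXAMPLE.COM" + "alice"
    for pw in ["correct horse", "p\u00e4ssword"]:
        print(repr(pw), "interoperable:", interoperable(pw, salt))
        for data, encs in group_by_bytes(pw, salt).items():
            shown = data.hex() if data is not None else "unencodable"
            print("   ", ", ".join(encs), "->", shown)
```

Any input for which `interoperable` returns False will derive different DES keys (or fail to encode at all) depending on which side's character set is used.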


