Key derivation with non-ASCII characters

Jeffrey Altman jaltman2 at
Tue Sep 21 10:15:29 EDT 2004

Thanks to Microsoft we have an answer to this question.
Apparently, Windows does not use UTF-8 for the DES string to key
operations.  UTF-8 is only used for RC4-HMAC.

In the DES string to key operations, the current locally defined
OEM Code Page is used.


Of course, this can result in all of the problems associated with 
non-ASCII characters as described in Kerberos Clarifications if the
OEM Code Page of the client does not match the character-set of the

If you are going to use DES keys you had better stick to ASCII only

Jeffrey Altman

More information about the Kerberos mailing list