AS_REP question
Chaskiel M Grundman
cg2v at andrew.cmu.edu
Wed Sep 21 11:18:06 EDT 2005
--On Wednesday, September 21, 2005 07:07:03 -0700 NetSteady
<cmhutch at gmail.com> wrote:
> In reading the RFC's it seems as though the encrypted data in the
> packet should be able to be decrypted if we have the proper password.
> However, the encrypted data changes with every attempt we send, and we
> can't figure out which variable is changing.
The contents of the EncryptedData is an EncKDCRepPart. The first item in an
EncKDCRepPart is the randomly chosen EncryptionKey that the KDC picked as
the ticket session key. In addition, the EncryptedData contains a
counfounder (a random block prepended to the plaintext in lieu of using an
initial vector in the cipher). The confounder needs to be stripped off as
part of the decryption operation (but, IIRC, after the checksum is
verified).
Also, have you verified your string-to-key transformation against the test
vectors in rfc3961?
More information about the Kerberos
mailing list