RFC 3962 and DK(tkey, "kerberos") function

Greg Hudson ghudson at MIT.EDU
Fri Oct 9 09:48:54 EDT 2009


On Thu, 2009-10-08 at 21:26 -0400, kerberos at noopy.org wrote:
> It looks like "kerberos" has to be folded (maybe
> n-folded) somehow so that I can use it as my IV, but I am not quite
> sure I'm on the right track.

You do need to n-fold "kerberos" to the block size (128 bits).  I'm not
sure I can describe n-fold better than the RFC; I suggest using the test
vectors from RFC 3961 to determine when you've gotten it right.

You do not need to fiddle with IVs.  Once you have n-folded "kerberos"
to 128 bits, you just encrypt those 128 bits with the intermediate key
to produce the 128 bits of the final key.  For AES-256, you encrypt the
first 128 bits of the final key with the intermediate key (again) to
produce the other 128 bits of the final key.  Again, I suggest using the
test vectors from RFC 3962 as an authoritative check, in case you're
making incorrect assumptions about the usage of ktpass.exe.

Best of luck!
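
The n-fold step and the key chaining described in the reply above, as an added example that is not part of the original message. `nfold` follows the RFC 3961 definition; `derive_key` and its `encrypt_block` parameter are hypothetical names, and `encrypt_block` is assumed to be a caller-supplied function that encrypts one 128-bit block with the intermediate key (no AES implementation is included here).

```python
from math import gcd

def rotate_right(data: bytes, nbits: int) -> bytes:
    """Rotate the whole byte string right by nbits, as one big-endian bit string."""
    width = len(data) * 8
    nbits %= width
    value = int.from_bytes(data, "big")
    value = ((value >> nbits) | (value << (width - nbits))) & ((1 << width) - 1)
    return value.to_bytes(len(data), "big")

def nfold(data: bytes, nbytes: int) -> bytes:
    """n-fold as defined in RFC 3961: fold data to exactly nbytes bytes."""
    lcm = len(data) * nbytes // gcd(len(data), nbytes)
    # Concatenate copies of the input, each rotated 13 bits further than the last.
    stream = b"".join(rotate_right(data, 13 * i) for i in range(lcm // len(data)))
    # Add the nbytes-sized chunks with ones'-complement (end-around carry) addition.
    width = nbytes * 8
    mask = (1 << width) - 1
    total = sum(int.from_bytes(stream[i:i + nbytes], "big")
                for i in range(0, lcm, nbytes))
    while total >> width:
        total = (total & mask) + (total >> width)
    return total.to_bytes(nbytes, "big")

def derive_key(encrypt_block, constant: bytes, key_len: int, block_len: int = 16) -> bytes:
    """Chain single-block encryptions of the folded constant; no IV is involved.

    encrypt_block is a hypothetical caller-supplied function: one block in,
    one block out, encrypted with the intermediate key.
    """
    block = nfold(constant, block_len)
    out = b""
    while len(out) < key_len:
        block = encrypt_block(block)  # each output block is the next input
        out += block
    return out[:key_len]

if __name__ == "__main__":
    # 128-fold("kerberos"): the single block that gets encrypted first.
    print(nfold(b"kerberos", 16).hex())
```

With `key_len=16` the loop runs once (AES-128); with `key_len=32` it runs twice, the second pass encrypting the first output block (AES-256).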




