RFC 3962 and DK(tkey, "kerberos") function
kerberos@noopy.org
kerberos at noopy.org
Fri Oct 9 12:05:40 EDT 2009
On Fri, Oct 9, 2009 at 9:48 AM, Greg Hudson <ghudson at mit.edu> wrote:
> On Thu, 2009-10-08 at 21:26 -0400, kerberos at noopy.org wrote:
>> It looks like "kerberos" has to be folded (maybe
>> n-folded) somehow so that I can use it as my IV, but I am not quite
>> sure I'm on the right track.
>
> You do need to n-fold "kerberos" to the block size (128 bits). I'm not
> sure I can describe n-fold better than the RFC; I suggest using the test
> vectors from RFC 3961 to determine when you've gotten it right.
Okay, I think I found an older posting from the archives that might be useful:
http://mailman.mit.edu/pipermail/krbdev/2009-April/007656.html
In short:
"
The pseudocode for DES3string-to-key in RFC 3961 includes:

    s = passwordString + salt
    tmpKey = random-to-key(168-fold(s))
    key = DK (tmpKey, KerberosConstant)

So n-fold scrambles the salt and password together. The DK function
basically iteratively encrypts the KerberosConstant (64-fold of the
string "kerberos") and uses the output blocks concatenated to generate
the final key.
"
Yes, I know it's about DES3, but I assume my version will instead
128-fold the string "kerberos" in my DK() method?
--
K
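
Added example, not part of the original post or of any Kerberos implementation: a Python sketch of the RFC 3961 n-fold operation discussed in this thread, checked against test vectors from RFC 3961 Appendix A.1, including "kerberos" folded to 64 and to 128 bits. The function names (rotate_right, nfold, check_vectors) are chosen here for illustration.

```python
from math import gcd

def rotate_right(data: bytes, nbits: int) -> bytes:
    """Rotate a big-endian bit string right by nbits."""
    width = len(data) * 8
    nbits %= width
    value = int.from_bytes(data, "big")
    rotated = ((value >> nbits) | (value << (width - nbits))) & ((1 << width) - 1)
    return rotated.to_bytes(len(data), "big")

def nfold(data: bytes, nbits: int) -> bytes:
    """RFC 3961 section 5.1 n-fold of data to nbits (a multiple of 8)."""
    if not data or nbits <= 0 or nbits % 8:
        raise ValueError("need non-empty input and a positive multiple of 8 bits")
    nbytes = nbits // 8
    lcm = nbytes * len(data) // gcd(nbytes, len(data))
    # Concatenate copies of the input, each rotated 13 bits further right
    # than the previous one, until the length is lcm(input, output) bytes.
    stretched = b"".join(rotate_right(data, 13 * i)
                         for i in range(lcm // len(data)))
    # Add the nbytes-wide slices as big-endian integers, then fold any
    # overflow back into the low end (ones' complement, end-around carry).
    total = sum(int.from_bytes(stretched[p:p + nbytes], "big")
                for p in range(0, lcm, nbytes))
    mask = (1 << nbits) - 1
    while total >> nbits:
        total = (total & mask) + (total >> nbits)
    return total.to_bytes(nbytes, "big")

# (input, output width in bits, expected hex) from RFC 3961 Appendix A.1
RFC3961_VECTORS = [
    (b"012345", 64, "be072631276b1955"),
    (b"password", 56, "78a07b6caf85fa"),
    (b"kerberos", 64, "6b65726265726f73"),
    (b"kerberos", 128, "6b65726265726f737b9b5b2b93132b93"),
]

def check_vectors() -> bool:
    """True when every listed RFC 3961 vector is reproduced."""
    return all(nfold(d, n).hex() == want for d, n, want in RFC3961_VECTORS)

if __name__ == "__main__":
    print("RFC 3961 vectors pass:", check_vectors())
    print("128-fold('kerberos') =", nfold(b"kerberos", 128).hex())
```

For "kerberos" at 128 bits the least common multiple equals the output width, so the result is the string followed by its 13-bit right rotation with no addition step; the "012345" and "password" vectors are the ones that exercise the ones' complement sum.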