Armor key negotiation in FAST
Venky A
subramanian.av at hotmail.com
Fri Jan 17 16:04:01 EST 2014
Thanks once again for the help and quick replies.
> Date: Fri, 17 Jan 2014 15:57:46 -0500
> From: ghudson at MIT.EDU
> To: subramanian.av at hotmail.com; kerberos at mit.edu
> Subject: Re: Armor key negotiation in FAST
>
> On 01/17/2014 03:54 PM, Venky A wrote:
> > So for a AS-REP, would we combine the strengthen-key with the user-key
> > to get a reply key with which we would encrypt the EncASRepPart?
>
> Typically yes. If a preauthentication mechanism has altered the reply
> key, then strengthen-key would be combined with whatever the new reply
> key is. But in a typical encrypted challenge scenario, the strength-key
> would be combined with the long-term key to produce the reply key.
>
> > At the receiving end, the user would get the strengthen-key by
> > decrypting the KrbFastResponse by using the armorkey.
> >
> > Then use the strengthen-key combined with user-key to generate the reply
> > key to decrypt the EncASRepPart. Would that be correct to say?
>
> Correct, with the same caveat.
More information about the Kerberos
mailing list