Armor key negotiation in FAST

Venky A subramanian.av at hotmail.com
Fri Jan 17 16:04:01 EST 2014


Thanks once again for the help and quick replies.

> Date: Fri, 17 Jan 2014 15:57:46 -0500
> From: ghudson at MIT.EDU
> To: subramanian.av at hotmail.com; kerberos at mit.edu
> Subject: Re: Armor key negotiation in FAST
> 
> On 01/17/2014 03:54 PM, Venky A wrote:
> > So for an AS-REP, would we combine the strengthen-key with the user-key
> > to get a reply key with which we would encrypt the EncASRepPart?
> 
> Typically yes.  If a preauthentication mechanism has altered the reply
> key, then strengthen-key would be combined with whatever the new reply
> key is.  But in a typical encrypted challenge scenario, the strengthen-key
> would be combined with the long-term key to produce the reply key.
> 
> > At the receiving end, the user would get the strengthen-key by
> > decrypting the KrbFastResponse by using the armorkey.
> >  
> > Then use the strengthen-key combined with user-key to generate the reply
> > key to decrypt the EncASRepPart. Would that be correct to say?
> 
> Correct, with the same caveat.
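
The combination discussed in this thread is specified in RFC 6113 as reply-key = KRB-FX-CF2(strengthen-key, reply-key, "strengthenkey", "replykey"). The following is an added example, not part of the original messages and not MIT krb5 code; it assumes both keys are of enctype aes128-cts-hmac-sha256-128 (RFC 8009), whose PRF is plain HMAC-SHA-256 and whose random-to-key is the identity. Function names and key values are constructed for illustration.

```python
import hashlib
import hmac

KEY_BYTES = 16  # key-generation seed length of the assumed enctype (128 bits)

def prf(key: bytes, data: bytes) -> bytes:
    """RFC 8009 pseudo-random: KDF-HMAC-SHA2(key, "prf", data, 256)."""
    msg = b"\x00\x00\x00\x01" + b"prf" + b"\x00" + data + (256).to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def prf_plus(key: bytes, pepper: bytes, length: int) -> bytes:
    """RFC 6113 PRF+: prf(key, 1 || pepper) || prf(key, 2 || pepper) || ...

    The counter is a single octet starting at 1; output is truncated to length.
    """
    out, counter = b"", 1
    while len(out) < length:
        out += prf(key, bytes([counter]) + pepper)
        counter += 1
    return out[:length]

def krb_fx_cf2(k1: bytes, k2: bytes, pepper1: bytes, pepper2: bytes) -> bytes:
    """RFC 6113 KRB-FX-CF2: random-to-key(PRF+(k1, pepper1) XOR PRF+(k2, pepper2))."""
    a = prf_plus(k1, pepper1, KEY_BYTES)
    b = prf_plus(k2, pepper2, KEY_BYTES)
    return bytes(x ^ y for x, y in zip(a, b))  # random-to-key is identity here

def strengthened_reply_key(strengthen_key: bytes, reply_key: bytes) -> bytes:
    """Reply key that protects EncASRepPart when the KDC sent a strengthen-key.

    reply_key is the long-term key unless a preauth mechanism replaced it.
    """
    return krb_fx_cf2(strengthen_key, reply_key, b"strengthenkey", b"replykey")

# Constructed sample keys (not real key material).
LONG_TERM_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
STRENGTHEN_KEY = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")

if __name__ == "__main__":
    # KDC side: picks strengthen-key, sends it inside KrbFastResponse (armor-protected).
    kdc_key = strengthened_reply_key(STRENGTHEN_KEY, LONG_TERM_KEY)
    # Client side: recovers strengthen-key with the armor key, derives the same key.
    client_key = strengthened_reply_key(STRENGTHEN_KEY, LONG_TERM_KEY)
    print("reply keys match:", hmac.compare_digest(kdc_key, client_key))
    # Without the strengthen-key, the long-term key alone does not decrypt the reply.
    print("differs from long-term key:", kdc_key != LONG_TERM_KEY)
```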
 		 	   		  

