[krbdev.mit.edu #1354] des3 string-to-key
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Mon Feb 17 22:11:36 EST 2003
Our current string-to-key for des3 makes no checks or corrections for
weak keys. However, the key schedule generation code will return an
error (after generating key schedules, but the error code *is*
checked) if any of the three keys is weak. One of the two needs to be
changed.
The current crypto draft says we don't do weak-key checks, but that's
because I looked at our string-to-key and not the key scheduling code.
Heimdal does do weak key checking and correction.
I'm going to suggest on the WG list that doing the check is the
correct fix.
Ken
More information about the krb5-bugs
mailing list