The NULL Encryption System

Sam Hartman hartmans at MIT.EDU
Mon Mar 29 15:17:09 EST 2004

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Mon, Mar 29, 2004 at 02:57:57PM -0500, Sam Hartman
    Nicolas> wrote:
    >> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at>
    >> writes:
    Nicolas> Technically it was (and still is) used by some rfc1964
    Nicolas> (krb5 gss mech) implementations for "encrypting" the
    Nicolas> KRB-CRED encpart; other than this the null enctype has
    Nicolas> not been used for anything else, nor should be.
    >>  No, if they used the null enctype, then you'd get an
    >> EncryptedData with plaintext as ciphertext; you don't even get
    >> that.  You get the encrypted part of the krb_cred structure
    >> encoded directly in the place where you'd expect an
    >> EncryptedData.

    Nicolas> My recollection of this is that at the first interim KRB
    Nicolas> WG meeting at MIT Tom showed me the opposite, but I could
    Nicolas> be wrong.

You and Tom are correct; I was missing a layer of decoding.

More information about the krbdev mailing list