krb5_encrpyt_block freeing
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Dec 30 11:16:00 EST 2005
>>>>>> "Paul" == Paul Moore <paul.moore at centrify.com> writes:
>
> Paul> Is there an API that asks "what is the key size for this
> Paul> encryption mechanism?"
>
>There doesn't seem to be. You could call krb5_c_make_random_key and see how
>large the resulting key is.
I'm curious ... how come you would need this? Do you want to be able to
say something like, "keys < N are not permitted"? While that might be
okay in the general case for common block ciphers today, I was under the
impression some cryptosystems (like elliptical curve crypto) have
sparse keyspace.
(Personally, I prefer allowing a set of particular crypto algorithms, or
more usefully, disallowing a particular few; the existing APIs work fine
for this).
--Ken
More information about the krbdev
mailing list