krb5_encrpyt_block freeing
Paul Moore
paul.moore at centrify.com
Fri Dec 30 12:57:44 EST 2005
Krb5_init_keyblock has a required length parameter
-----Original Message-----
From: Ken Hornstein [mailto:kenh at cmf.nrl.navy.mil]
Sent: Friday, December 30, 2005 8:16 AM
To: Paul Moore; krbdev at mit.edu
Subject: Re: krb5_encrpyt_block freeing
>>>>>> "Paul" == Paul Moore <paul.moore at centrify.com> writes:
>
> Paul> Is there an API that asks "what is the key size for this
> Paul> encryption mechanism?"
>
>There doesn't seem to be. You could call krb5_c_make_random_key and
>see how large the resulting key is.
I'm curious ... how come you would need this? Do you want to be able to
say something like, "keys < N are not permitted"? While that might be
okay in the general case for common block ciphers today, I was under the
impression some cryptosystems (like elliptical curve crypto) have sparse
keyspace.
(Personally, I prefer allowing a set of particular crypto algorithms, or
more usefully, disallowing a particular few; the existing APIs work fine
for this).
--Ken
More information about the krbdev
mailing list