Fwd: [krbdev.mit.edu #4975] Checksum type 14 undefined

Jeffrey Hutzelman jhutz at cmu.edu
Thu Dec 7 21:22:28 EST 2006

On Thu, 7 Dec 2006, Marcus Watts wrote:

> > If you have an application that explicitly needs an _unkeyed_ checksum,
> > then RFC3961 is not the framework you're looking for, at least for that
> > application.
> ...
> Actually, what I wanted was something very much like the "pseudo-random"
> function of RFC 3961.  Unfortunately, that seems to be even more tenuous
> than unkeyed sha1.

The PRF is not used in core Kerberos, and while it does exist in GSS-API,
that's a rather recent development and not widely used either.  So it's
not that surprising if it's not widely implemented yet.  However, I expect
that will change over time, and you should certainly feel free to use it
in higher-profile projects which might encourage implementors to support
it. :-)

Note that I do not speak for MIT or any other Kerberos implementor.

-- Jeff

More information about the krbdev mailing list