Fwd: [krbdev.mit.edu #4975] Checksum type 14 undefined
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Dec 7 21:22:28 EST 2006
On Thu, 7 Dec 2006, Marcus Watts wrote:
> > If you have an application that explicitly needs an _unkeyed_ checksum,
> > then RFC3961 is not the framework you're looking for, at least for that
> > application.
> ...
>
> Actually, what I wanted was something very much like the "pseudo-random"
> function of RFC 3961. Unfortunately, that seems to be even more tenuous
> than unkeyed sha1.
The PRF is not used in core Kerberos, and while it does exist in GSS-API,
that's a rather recent development and not widely used either. So it's
not that surprising if it's not widely implemented yet. However, I expect
that will change over time, and you should certainly feel free to use it
in higher-profile projects which might encourage implementors to support
it. :-)
Note that I do not speak for MIT or any other Kerberos implementor.
-- Jeff
More information about the krbdev
mailing list