Fwd: [krbdev.mit.edu #4975] Checksum type 14 undefined
Marcus Watts
mdw at umich.edu
Thu Dec 7 22:26:35 EST 2006
> Date: Thu, 7 Dec 2006 21:22:28 -0500 (EST)
> From: Jeffrey Hutzelman <jhutz at cmu.edu>
> To: Marcus Watts <mdw at umich.edu>
> cc: <krbdev at mit.edu>
> Subject: Re: Fwd: [krbdev.mit.edu #4975] Checksum type 14 undefined
>
> On Thu, 7 Dec 2006, Marcus Watts wrote:
>
> > > If you have an application that explicitly needs an _unkeyed_ checksum,
> > > then RFC3961 is not the framework you're looking for, at least for that
> > > application.
> > ...
> >
> > Actually, what I wanted was something very much like the "pseudo-random"
> > function of RFC 3961. Unfortunately, that seems to be even more tenuous
> > than unkeyed sha1.
>
> The PRF is not used in core Kerberos, and while it does exist in GSS-API,
> that's a rather recent development and not widely used either. So it's
> not that surprising if it's not widely implemented yet. However, I expect
> that will change over time, and you should certainly feel free to use it
> in higher-profile projects which might encourage implementors to support
> it. :-)
>
> Note that I do not speak for MIT or any other Kerberos implementor.
>
> -- Jeff
>
>
The main thing that stopped me from doing that is I couldn't find
either any working implementation of RFC 3961 PRF, or good enough sample
vectors that I might with confidence expect to interoperate with some
future working implementation.
For gssapi, these weren't yet standards when I looked and did
not have public implementations; but things appear to have advanced
some:
RFC 4401
GSS_Pseudo_random()
key is an integer (ie, this is "too generic")
RFC 4402
GSS_Pseudo_random for kerberos 5.
specifies GSS PRF+ as an augmented variation
of the basic PRF function in 3961.
I haven't noticed this in any MIT distribution yet - is this in 1.6 or
maybe in subversion?
-Marcus
More information about the krbdev
mailing list