open-source cryptocard libraries

Ken Hornstein kenh at
Tue Jan 23 14:21:27 EST 2007

>> Hm.  My big issue with use-sad-as-key is that none of the tokens I have
>> seen have enough entropy where I would be comfortable using them as the
>> only source of keying material (e.g., the CRYPTOCard only gets you 32
>> bits best-case).  Do you guys have a solution to that?  If so, that
>> would be pretty cool.
>We use HOTP which gives the full range (ie 5 digits = 40 bits), I think.
>Please correct me if my thinking is flawed here.
>Please educate me why this is important?  use-sad-as-key doesn't
>establish the session key does it?  Or are you worried about online
>guessing attack.

Well, use-sad-as-key doesn't establish the session key _directly_.  But
it means that only the SAD is used to encrypt the AS_REP which contains
the TGT session key.  That means that no matter what keytype you have
for a session key, it's encrypted by a key that has only (in your case)
40 bits of entropy.  That's a bit low for my tastes, but it all depends
on your environment and comfort level.  If, for example, snooping the
AS isn't a huge concern for you, then it's not a big deal.

Hrm, are you sure about that entropy number?  I took a look at RFC
4226, and it's talking about decimal digits.  My math shows around 13.3
bits of entropy for 5 decimal digits.  5 hex digits would be 20 bits of
entropy (4 bits for each hex digit).


More information about the krbdev mailing list