non-ascii password in kerberos authentication

Ken Raeburn raeburn at MIT.EDU
Mon Sep 17 02:41:51 EDT 2007

On Sep 17, 2007, at 01:42, Xu Qiang wrote:
>> * If you can be sure that RC4 is being used, convert to UCS-2LE
>> before calling into the library in the first place.
> Yeah, I like this idea. At least i can test whether RC4 encoding of
> the password works or not. The problem is, is there an existing
> implementation of conversion from ISO-8859-1 to UCS-2LE, or
> directly, from UTF-8 to UCS-2LE in C code? I only have a function
> specifically for conversion from ISO-8859-1 to UTF-8. Looks like
> it cannot be used directly to convert to UCS-2LE.

Right.  But UTF-8 and UCS-2LE are both encodings of the same set of  
numbers (at least, for those values supported by UCS-2LE; for  
anything else, you probably just lose).  So looking at the  
definitions for the two encodings and how they handle values  
0..65535, you should be able to come up with a pretty easy conversion  
scheme from one, two, or three UTF-8 bytes to a UCS-2LE two-byte  
value, and you can tell from the top bits of the first byte how long  
the UTF-8 sequence should be.

Or, you might be able to find a converter to UTF-16, which is close  
enough to UCS-2 that it probably won't matter.

Ah, here's something I just found: 
utf8tbl.html describes how to convert from UTF-8 to UCS-4, about a  
third of the way down the page.  For UCS-2LE, just use the lower 16  
bits you get out, in little-endian order.  The top 16 bits of the  
UCS-4 value will probably be zero anyways, and if not, I don't know  
how Windows would encode them.


More information about the krbdev mailing list