review of Projects/replay_cache_collision_avoidance, ending Jan. 12

Tom Yu tlyu at MIT.EDU
Sun Dec 28 17:04:25 EST 2008

I am starting a review of

ending January 12, 2009.

This is a slight modification of Jeff Altman's previous early-stage

* Removed Base64 encoding because there is no existing Base64 support
  in the krb5 library, and I see no convincing reason to add such
  at this time.  I also found a way to store the unencoded binary data

* Clarified some replay cache file format quirks.

* Use a more general extension record mechanism.

* Propose using MD5 instead of SHA-1.  There is no reason to require
  a cryptographically strong hash here, and truncating a SHA-1 hash to
  128 bits adds additional complexity.

Tom Yu
Development Manager
MIT Kerberos Consortium
