review of Projects/replay_cache_collision_avoidance, ending Jan. 12
Tom Yu
tlyu at MIT.EDU
Sun Dec 28 17:04:25 EST 2008
I am starting a review of

http://k5wiki.kerberos.org/wiki/Projects/replay_cache_collision_avoidance

ending January 12, 2009.

This is a slight modification of Jeff Altman's previous early-stage
proposal:

* Removed Base64 encoding because there is no existing Base64 support
  in the krb5 library, and I see no convincing reason to add such
  at this time. I also found a way to store the unencoded binary data
  directly.

* Clarified some replay cache file format quirks.

* Use a more general extension record mechanism.

* Propose using MD5 instead of SHA-1. There is no reason to require
  a cryptographically strong hash here, and truncating a SHA-1 hash to
  128 bits adds additional complexity.

--
Tom Yu
Development Manager
MIT Kerberos Consortium