arcfour-hmac checksum salt value

Love Hörnquist Åstrand lha at
Fri Mar 14 11:03:06 EDT 2008

11 mar 2008 kl. 12.42 skrev Kevin Coffman:

> While implementing arcfour-hmac for Linux Kernel NFS use, I have run
> into the following issue:
> According to rfc4757 (sections 7.2 and 7.3), the salt value when
> generating the checksum for both MIC and WRAP tokens is 15.  However,
> the MIT, Heimdal, and Java implementations all seem to map the usage
> values (used while creating the checksum) in WRAP tokens to a salt
> value of 13 instead.
> Can someone verify that either I'm confused, or the spec is wrong in
> the case of the checksum salt value that Microsoft used for WRAP
> tokens?

 From where do you get 13 in heimdal ?

 From what I can read, heimdal uses KRB5_KU_USAGE_SIGN that later in  
the crypto layer is mapped to 15 for the mic checksum.


More information about the krbdev mailing list