PRF length for 3DES

Sam Hartman hartmans at MIT.EDU
Wed Apr 29 19:05:15 EDT 2009

Hi.  In San Francisco, we discussed the construction of the RFC 3961
PRF.  In that discussion, we concluded that the PRF length for
simplified profile ciphers should be the block size of the cipher.
That means 3DES would have an eight-byte PRF.

I'm going to go implement that, but I want to bring up an interop
concern.  The Racoon2 IPsec daemon ships with KINK support that
assumes the 3DES PRF has 16-bytes of length.  It's my understanding
though that code does not currently call krb5_c_prf.

If we're going to do something different, we need to know quite soon.


More information about the krbdev mailing list