Directions for crypto make_checksum/verify_checksum

Sam Hartman hartmans at MIT.EDU
Mon Dec 7 13:25:20 EST 2009

Your design looks good.

A couple of notes to inform your thinking although I don't think any of
this creates a problem for your proposal:

1) I definitely don't think kc is always pbkdf2 derived; I'm not sure it
ever is.

2) It's moderately unlikely that we're going to continue to use the RFC
3961 simplified profile for anything new.  Towards the end of the AES
design we began to conclude that the simplified profile is not simple
enough to be worth it; thoughts since then have only reenforced this.
So, it's unlikely that anything we do in the future will directly use
the existing dk and dr functions from RFC 3961.

More information about the krbdev mailing list