Directions for crypto make_checksum/verify_checksum
Greg Hudson
ghudson at MIT.EDU
Mon Dec 7 15:21:22 EST 2009
On Mon, 2009-12-07 at 15:12 -0500, Tom Yu wrote:
> How about making the enc provider for DES-CBC operate efficiently with
> a missing output buffer? That way you could use it for CBC-MAC by
> omitting an output buffer but providing an output ivec. I'd have to
> take a closer look to see if that sort of approach would also make
> implementing CCM easier.
I thought about that, but after r23444 the enc provider encrypt
functions all take IOVs and do in-place encryption, so there's no
"output buffer" to omit.
Sam wrote:
> 1) I definitely don't think kc is always pbkdf2 derived; I'm not sure
> it ever is.
I had confused myself. We only use pbkdf2 for string-to-key. I meant
to reference the key derivation function we use for DES3 and AES
encryption.
More information about the krbdev
mailing list