Directions for crypto make_checksum/verify_checksum

Greg Hudson ghudson at MIT.EDU
Mon Dec 7 15:21:22 EST 2009

On Mon, 2009-12-07 at 15:12 -0500, Tom Yu wrote:
> How about making the enc provider for DES-CBC operate efficiently with
> a missing output buffer?  That way you could use it for CBC-MAC by
> omitting an output buffer but providing an output ivec.  I'd have to
> take a closer look to see if that sort of approach would also make
> implementing CCM easier.

I thought about that, but after r23444 the enc provider encrypt
functions all take IOVs and do in-place encryption, so there's no
"output buffer" to omit.

Sam wrote:
> 1) I definitely don't think kc is always pbkdf2 derived; I'm not sure
> it ever is.

I had confused myself.  We only use pbkdf2 for string-to-key.  I meant
to reference the key derivation function we use for DES3 and AES

More information about the krbdev mailing list