Projects/replay_cache_collision_avoidance and replay cache uses

Greg Hudson ghudson at MIT.EDU
Tue Jan 13 16:36:40 EST 2009


On Tue, 2009-01-13 at 11:17 -0600, Nicolas Williams wrote:
> But it'd be nice if there was an rcache header entry naming the hash
> function to use for that rcache.
[...]
> But NOT having such a header entry (naming a hash function, or rcache
> version, or something) WILL complicate hash agility later.

First, I don't think it would be hard to implement hash agility without
such a header.  We'd just introduce a new kind of extension record using
"HASH2:" instead of "HASH:" as the prefix in the server field.

Second, your suggestion introduces what I'd consider a lot of additional
bookkeeping in anticipation of a very specific kind of extension which
is very unlikely to happen.  Needing to change the hash algorithm is
much less likely than needing to change what data is hashed, or needing
to add some other piece of information to replay records.
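
The prefix-based approach from the first point above, sketched as an added example (not code from this message or from the krb5 source): a reader dispatches on the prefix in the server field and skips any extension record it does not understand. The algorithm behind each prefix, the hex encoding of the digest, and the helper names are assumptions made for illustration; the message only names the "HASH:" and "HASH2:" prefixes.

```python
import hashlib
import hmac

# Assumed mapping, for illustration only: the message names the prefixes
# "HASH:" and "HASH2:" but not the algorithms behind them.
ALGORITHMS = {"HASH": hashlib.md5, "HASH2": hashlib.sha256}


def extension_field(prefix, authenticator):
    """Build the server-field string of an extension record (hypothetical helper)."""
    digest = ALGORITHMS[prefix](authenticator).hexdigest()
    return f"{prefix}:{digest}"


def parse_extension(server_field, supported):
    """Return (prefix, hex_digest) for an understood extension record, else None."""
    prefix, sep, value = server_field.partition(":")
    if not sep or prefix not in supported:
        return None  # ordinary server name, or an extension this reader predates
    return prefix, value


def is_replay(server_fields, authenticator, supported):
    """True if any understood extension record matches the authenticator's hash."""
    for field in server_fields:
        parsed = parse_extension(field, supported)
        if parsed is None:
            continue
        prefix, stored = parsed
        computed = ALGORITHMS[prefix](authenticator).hexdigest()
        if hmac.compare_digest(stored, computed):
            return True
    return False


# Constructed sample data: two authenticators and a cache with one record of each kind.
AUTH_A = b"constructed-authenticator-A"
AUTH_B = b"constructed-authenticator-B"
CACHE = [
    "host/server.example.com@EXAMPLE.COM",  # ordinary record, not an extension
    extension_field("HASH", AUTH_A),
    extension_field("HASH2", AUTH_B),
]

OLD_READER = {"HASH"}           # predates the new record type
NEW_READER = {"HASH", "HASH2"}  # understands both

if __name__ == "__main__":
    for name, reader in (("old", OLD_READER), ("new", NEW_READER)):
        print(name, is_replay(CACHE, AUTH_A, reader), is_replay(CACHE, AUTH_B, reader))
```

In this sketch the old reader silently skips the "HASH2:" record, so a cache shared between old and new code only gets hash-based detection from the records each reader understands.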





More information about the krbdev mailing list