DES string-to-key and crypto modules

ghudson@MIT.EDU ghudson at MIT.EDU
Sat Mar 5 14:04:25 EST 2011


Currently libk5crypto delegates responsibility for string-to-key to
the modules.  There are some issues with this:

* OpenSSL implements DES_string_to_key() as some kind of ancient
  backwards-compatibility measure, but at least in the version I
  tested (1.0.0a), it did not appear to correctly handle weak
  keys--there's code for it, but it's #ifdef'd out.  As a consequence,
  it produces wrong answers for two of the test vectors in RFC 3960.
  The chances of running into this case non-deliberately in operation
  are, of course, quite low.

* I don't think NSS implements it at all.  (Currently, the NSS module
  does completely the wrong thing for DES string to key, I believe;
  I'm treating that as a bug.)

My inclination is to move the built-in DES string-to-key into
lib/crypto/krb and stop asking the modules to do it, as it's far from
a standard crypto primitive like PBKDF2.  Does that seem reasonable?


