DES string-to-key and crypto modules
ghudson at MIT.EDU
Sat Mar 5 14:04:25 EST 2011
Currently libk5crypto delegates responsibility for string-to-key to
the modules. There are some issues with this:
* OpenSSL implements DES_string_to_key() as some kind of ancient
backwards-compatibility measure, but at least in the version I
tested (1.0.0a), it did not appear to correctly handle weak
keys--there's code for it, but it's #ifdef'd out. As a consequence,
it produces wrong answers for two of the test vectors in RFC 3960.
The chances of running into this case non-deliberately in operation
are, of course, quite low.
* I don't think NSS implements it at all. (Currently, the NSS module
does completely the wrong thing for DES string to key, I believe;
I'm treating that as a bug.)
My inclination is to move the built-in DES string-to-key into
lib/crypto/krb and stop asking the modules to do it, as it's far from
a standard crypto primitive like PBKDF2. Does that seem reasonable?
More information about the krbdev