DES string-to-key and crypto modules
Jeffrey Altman
jaltman at secure-endpoints.com
Sat Mar 5 14:47:54 EST 2011
On 3/5/2011 2:04 PM, ghudson at mit.edu wrote:
> Currently libk5crypto delegates responsibility for string-to-key to
> the modules. There are some issues with this:
>
> * OpenSSL implements DES_string_to_key() as some kind of ancient
> backwards-compatibility measure, but at least in the version I
> tested (1.0.0a), it did not appear to correctly handle weak
> keys--there's code for it, but it's #ifdef'd out. As a consequence,
> it produces wrong answers for two of the test vectors in RFC 3960.
> The chances of running into this case non-deliberately in operation
> are, of course, quite low.
>
> * I don't think NSS implements it at all. (Currently, the NSS module
> does completely the wrong thing for DES string to key, I believe;
> I'm treating that as a bug.)
>
> My inclination is to move the built-in DES string-to-key into
> lib/crypto/krb and stop asking the modules to do it, as it's far from
> a standard crypto primitive like PBKDF2. Does that seem reasonable?
It is quite reasonable. Please rename the function when you do so.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20110305/38fd0fbf/attachment.bin
More information about the krbdev
mailing list