DES string-to-key and crypto modules

Jeffrey Altman jaltman at
Sat Mar 5 14:47:54 EST 2011

On 3/5/2011 2:04 PM, ghudson at wrote:
> Currently libk5crypto delegates responsibility for string-to-key to
> the modules.  There are some issues with this:
> * OpenSSL implements DES_string_to_key() as some kind of ancient
>   backwards-compatibility measure, but at least in the version I
>   tested (1.0.0a), it did not appear to correctly handle weak
>   keys--there's code for it, but it's #ifdef'd out.  As a consequence,
>   it produces wrong answers for two of the test vectors in RFC 3960.
>   The chances of running into this case non-deliberately in operation
>   are, of course, quite low.
> * I don't think NSS implements it at all.  (Currently, the NSS module
>   does completely the wrong thing for DES string to key, I believe;
>   I'm treating that as a bug.)
> My inclination is to move the built-in DES string-to-key into
> lib/crypto/krb and stop asking the modules to do it, as it's far from
> a standard crypto primitive like PBKDF2.  Does that seem reasonable?

It is quite reasonable.  Please rename the function when you do so.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url :

More information about the krbdev mailing list