The new code looks very nice. Might want to change a few "tickes" to "tickets".
Also, when it comes time to decrypt, there is a detail. The kdc req/rep structures are used by both as* and tgs* items. But the "usage" salt values are specific to as/tgs. So the message type will need to be passed into the relevant dissectors, such as dissect_krb5_encrypted_KDC_REP(). afaik, nettle should work fine, but that still leaves an intermediate layer to be implemented. Take a look at the "encrypt" / "decrypt" fields in MIT's krb5_enctypes_list[] (etypes.c). Those are (usually) cipher and hash-independent frameworks for applying the selected algorithms. Something similar will need to be developed to be able to use the nettle library for kerberos crypto. regards, Eric -----Original Message----- From: Ronnie Sahlberg [mailto:[EMAIL PROTECTED] Sent: Friday, February 06, 2004 1:52 AM To: [EMAIL PROTECTED] Subject: [Ethereal-dev] kerberos update, new test version for those that are brave this is an updated version of the combined packet-ber/packet-kerberos file those brave enough, please test it. all fields have filterable names. after next release if all goes well it might be checked in. I have looked at different crypto libs and found nettle which seems low level enough and reasonably cross-platform. maybe we should use nettle when we start looking at decrypting the encrupted parts of tickets and authenticators. comments please? what do you think about nettle? ********************************************************************* This e-mail and any attachment is confidential. It may only be read, copied and used by the intended recipient(s). If you are not the intended recipient(s), you may not copy, use, distribute, forward, store or disclose this e-mail or any attachment. If you are not the intended recipient(s) or have otherwise received this e-mail in error, you should destroy it and any attachment and notify the sender by reply e-mail or send a message to [EMAIL PROTECTED] ********************************************************************* _______________________________________________ Ethereal-dev mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-dev
