DES-CBC-CRC

Tue, 11 Dec 2001 11:43:55 -0800 

Ok, I'm stupid... DES-CBC-CRC - here's the data before encryption, after
checksumming (octal escapes used throughout):

N\211\225f\322r\004=\322\316e\302This is a test.\000\000\000\000\000

So, the checksum of this data:

N\211\225f\322r\004=\000\000\000\000This is a test.\000\000\000\000\000

Should be \322\316e\302 - *I* get this CRC: t\240\021\213

My CRC32 code looks like this (although I've tried other versions, based on
the MIT and Heimdal code):

class CRC32:
    poly = 0xEDB88320L
    table = [0L,]*256
    for i in range(256):
        crc = long(i)
        for j in range(8,0,-1):
            if crc & 1:
                crc = (crc >> 1) ^ poly
            else:
                crc = crc >> 1
        table[i] = crc
    digestsize = 4

    def __init__(self, data=''):
        self.data = data

    def digest(self):
        crc = 0l
        for c in self.data:
            idx = crc ^ ord(c)
            idx = int(idx & 0xff)
            crc = self.table[idx] ^ (crc>>8)
        return
chr(crc&0xff)+chr((crc>>8)&0xff)+chr((crc>>16)&0xff)+chr((crc>>24)&0xff)

Help! What am I doing wrong? As far as I can tell, I pass the MIT test data.
I'm stumped...

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+ 


-----Original Message-----
From: Sam Hartman [mailto:[EMAIL PROTECTED]]
Sent: 29 November 2001 18:45
To: Mayers, Philip J
Cc: 'Booker C. Bense'; '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Re: Having trouble reading MIT CredCache programatically


>>>>> "Mayers," == Mayers, Philip J <[EMAIL PROTECTED]> writes:


    Mayers,> I wouldn't worry. It's highly likely that I'll never get
    Mayers,> to a release, since I can't seem to figure the
    Mayers,> des-cbc-crc enctype out...

Sorry I didn't get around to this earlier, but have been fairly busy
with IETf.  I'm amused at the concept of combining des-cbc-crc with
pkinit.

But anyway, have you read the current IETF draft on Kerberos
revisions?  IN particular, section 6.5.4 of
draft-ietf-cat-kerberos-revisions?  That seems to have a fairly clear
explanation of the encryption system.  If you want to generate test
vectors for yourself, you may find a simple program to call the MIT
crypto functions useful.  Please see
http://www.meepzorp.org/~hartmans/t_encrypt.c for a test program out
of the current snapshot.  It demonstrates encrypting and decrypting
short strings.

Reply via email to