On Thursday, March 11, 2004 16:38:46 -0800 "Henry B. Hotz" <[EMAIL PROTECTED]> wrote:
Where is the "real" description of the string-to-key functions, V4, AFS, and V5?
My specific question is whether any of them have hard upper bounds on password length. Saw a reference that seemed to imply they were encryption type specific, but I can't find it again (and that doesn't seem quite right in any case).
String-to-key operations are indeed enctype-specific -- they need to be, since they must produce a key that is valid for the enctype in use.
Specifications for the string-to-key algorithms for standards-track Kerberos 5 enctypes can be found in
draft-ietf-krb-wg-crypto-07.txt
draft-raeburn-krb-rijndael-krb-05.txt
"Standard" Kerberos 4 supports only single-DES encryption. The string-to-key function is the same as that described in draft-ietf-krb-wg-crypto-07.txt for DES-CBC-CRC, with the salt string and parameter block both empty (krb4 does not salt keys).
AFS supports only the single-DES enctype. The AFS string-to-key function is not documented; you'll have to read the source.
All of these functions support input of essentially unlimited length.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
