On Fri, Oct 9, 2009 at 9:48 AM, Greg Hudson <[email protected]> wrote: > On Thu, 2009-10-08 at 21:26 -0400, [email protected] wrote: >> It looks like "kerberos" has to be folded (maybe >> n-folded) somehow so that I can use it as my IV, but I am not quite >> sure I'm on the right track. > > You do need to n-fold "kerberos" to the block size (128 bits). I'm not > sure I can describe n-fold better than the RFC; I suggest using the test > vectors from RFC 3961 to determine when you've gotten it right.
Okay, I think I found a older posting from the archives that might be useful: http://mailman.mit.edu/pipermail/krbdev/2009-April/007656.html In short: " The pseudocode for DES3string-to-key in RFC 3961 includes: s = passwordString + salt tmpKey = random-to-key(168-fold(s)) key = DK (tmpKey, KerberosConstant) So n-fold scrambles the salt and password together. The DK function basically iteratively encrypts the KerberosConstant (64-fold of the string "kerberos") and uses the output blocks concatenated to generate the final key. " Yes, I know it's about DES3, but I assume my version will instead 128-fold the string "kerberos" in my DK() method? -- K ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
