Thanks once again for the help and quick replies.
> Date: Fri, 17 Jan 2014 15:57:46 -0500 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: Armor key negotiation in FAST > > On 01/17/2014 03:54 PM, Venky A wrote: > > So for a AS-REP, would we combine the strengthen-key with the user-key > > to get a reply key with which we would encrypt the EncASRepPart? > > Typically yes. If a preauthentication mechanism has altered the reply > key, then strengthen-key would be combined with whatever the new reply > key is. But in a typical encrypted challenge scenario, the strength-key > would be combined with the long-term key to produce the reply key. > > > At the receiving end, the user would get the strengthen-key by > > decrypting the KrbFastResponse by using the armorkey. > > > > Then use the strengthen-key combined with user-key to generate the reply > > key to decrypt the EncASRepPart. Would that be correct to say? > > Correct, with the same caveat. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
