Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-15 Thread kerberos
On Thu, Oct 15, 2009 at 10:03 AM, Greg Hudson wrote: > On Tue, 2009-10-13 at 15:42 -0400, kerbe...@noopy.org wrote: >> Basically what I'm trying to do in >> my DK function is: "encrypt my 'kerberos' block with the temporary key >> I got from my derive bytes function." >> >> Am I understanding how

Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-15 Thread Greg Hudson
On Tue, 2009-10-13 at 15:42 -0400, kerbe...@noopy.org wrote: > Basically what I'm trying to do in > my DK function is: "encrypt my 'kerberos' block with the temporary key > I got from my derive bytes function." > > Am I understanding how I create the final key correctly here? You have the right i

Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-13 Thread kerberos
Hello, Thanks for your response! Further stuff inline. On Fri, Oct 9, 2009 at 12:28 PM, Tom Yu wrote: > > The IV is also known as the "cipher state" for CBC ciphers, and each > cryptosystem specification includes a default initial cipher state. > For "simplified profile" (e.g. DES3 and AES) cry

Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-09 Thread Tom Yu
"kerbe...@noopy.org" writes: > Hello, > > I've been working on generating AES keys for a keytab. I've been > following RFC 3962 and 3961 and have gotten as far as implementing a > PBKDF2 function in C# per RFC 2898. Following this high-level > representation of AES 128 > (http://msdn.microsoft.

Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-09 Thread kerberos
On Fri, Oct 9, 2009 at 9:48 AM, Greg Hudson wrote: > On Thu, 2009-10-08 at 21:26 -0400, kerbe...@noopy.org wrote: >> It looks like "kerberos" has to be folded (maybe >> n-folded) somehow so that I can use it as my IV, but I am not quite >> sure I'm on the right track. > > You do need to n-fold "ke

Re: RFC 3962 and DK(tkey, "kerberos") function

2009-10-09 Thread Greg Hudson
On Thu, 2009-10-08 at 21:26 -0400, kerbe...@noopy.org wrote: > It looks like "kerberos" has to be folded (maybe > n-folded) somehow so that I can use it as my IV, but I am not quite > sure I'm on the right track. You do need to n-fold "kerberos" to the block size (128 bits). I'm not sure I can de

RFC 3962 and DK(tkey, "kerberos") function

2009-10-08 Thread kerberos
Hello, I've been working on generating AES keys for a keytab. I've been following RFC 3962 and 3961 and have gotten as far as implementing a PBKDF2 function in C# per RFC 2898. Following this high-level representation of AES 128 (http://msdn.microsoft.com/en-us/library/dd304065%28PROT.10%29.aspx