Skip Menu |
 

To: krb5-bugs@MIT.EDU
Subject: des3 string-to-key
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Mon, 17 Feb 2003 22:11:26 -0500
Our current string-to-key for des3 makes no checks or corrections for
weak keys. However, the key schedule generation code will return an
error (after generating key schedules, but the error code *is*
checked) if any of the three keys is weak. One of the two needs to be
changed.

The current crypto draft says we don't do weak-key checks, but that's
because I looked at our string-to-key and not the key scheduling code.

Heimdal does do weak key checking and correction.

I'm going to suggest on the WG list that doing the check is the
correct fix.

Ken
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1354] des3 string-to-key
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 03 Feb 2004 09:59:15 -0500
RT-Send-Cc:
Show quoted text
>>>>> "Ken" == Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text
Ken> Our current string-to-key for des3 makes no checks or corrections
Ken> for weak keys.

[...]

Show quoted text
Ken> The current crypto draft says we don't do weak-key checks, but
Ken> that's because I looked at our string-to-key and not the key
Ken> scheduling code.

Latest crypto draft says weak key checking is done. We should update
the code.

---Tom