[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: arcfour: hmac-md5 vs. md5
|
From: |
Elrond |
|
Subject: |
Re: arcfour: hmac-md5 vs. md5 |
|
Date: |
Wed, 3 May 2006 11:39:52 +0200 |
|
User-agent: |
Mutt/1.5.9i |
Any news on this?
Or are you just plain busy? :)
Elrond
On Fri, Apr 28, 2006 at 05:46:25PM +0200, Elrond wrote:
>
> Okay,
>
> this is still about TGS. I just noticed, that we have too
> many buttons (parameters) to press and try stuff. So I
> decided to start from scratch and look only at one
> parameter:
>
> arcfour-hmacs default checksum.
> Either hmac-md5 or plain-md5 (MD_RSA_MD5).
> (I modified crypto-rc4.c for this "parameter change").
>
>
> Other parameters:
> cipher: "arcfour-hmac" only.
> preauth: enabled
> subkey in TGS: enabled
>
>
> w2k3-kdc:
>
> Sending a TGS with hmac-md5 gets me a "Message
> stream modified" from the w2k3-kdc.
>
> Doing the same with plain-md5 gets me a response,
> that shishi can't decrypt.
>
> heimdal-kdc:
> Version: 0.7.2 from Debian/testing
>
> Both variants work and I can't really discover any
> difference.
>
> Both give this warning from shishi at TGS-time:
>
> "libshishi: warning: KDC bug: Reply encrypted using wrong key."
>
>
> >From my limited point of view, this looks like shishi and
> heimdal are consistent to each other with the hmac-md5, but
> shishi and w2k3 do not seem to share this.
>
> This is particular confusing to me, as arcfour-hmac was
> invented by the guys at ms. So either their spec isn't
> correct or heimdal and you seem to have misread it (no
> reproach intended!).
>
> So what next?
>
>
> Elrond
>
>
> _______________________________________________
> Help-shishi mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-shishi
- Re: arcfour: hmac-md5 vs. md5,
Elrond <=