Kerberos includes an encryption library that supports various encryption-related operations. These were included in the Kerberos 5 specification and are common in commercial implementations. In February 2005, IETF issued RFCs 3961 and 3962, which expand the options of cryptographic techniques. In this appendix, we describe the RFC 1510 techniques. Password-to-Key TransformationIn Kerberos, passwords are limited to the use of the characters that can be represented in a 7-bit ASCII format. This password, of arbitrary length, is converted into an encryption key that is stored in the Kerberos database. Figure 14.8 illustrates the procedure. Figure 14.8. Generation of Encryption Key from PasswordFirst, the character string, s, is packed into a bit string, b, such that the first character is stored in the first 7 bits, the second character in the second 7 bits, and so on. This can be expressed as
Next, the bit string is compacted to 56 bits by aligning the bits in "fanfold" fashion and performing a bitwise XOR. For example, if the bit string is of length 59, then
This creates a 56-bit DES key. To conform to the expected 64-bit key format, the string is treated as a sequence of eight 7-bit blocks and is mapped into eight 8-bit blocks to form an input key Kpw Finally, the original password is encrypted using the cipher block chaining (CBC) mode of DES with key Kpw The last 64-bit block returned from this process, known as the CBC checksum, is the output key associated with this password. The entire algorithm can be viewed as a hash function that maps an arbitrary password into a 64-bit hash code. Propagating Cipher Block Chaining ModeRecall from Chapter 6 that, in the CBC mode of DES, the input to the DES algorithm at each stage consists of the XOR of the current plaintext block and the preceding ciphertext block, with the same key used for each block (Figure 6.4). The advantage of this mode over the electronic codebook (ECB) mode, in which each plaintext block is independently encrypted, is this: With CBC, the same plaintext block, if repeated, produces different ciphertext blocks. CBC has the property that if an error occurs in transmission of ciphertext block CI then this error propagates to the recovered plaintext blocks PI and PI + 1. Version 4 of Kerberos uses an extension to CBC, called the propagating CBC (PCBC) mode [MEYE82]. This mode has the property that an error in one ciphertext block is propagated to all subsequent decrypted blocks of the message, rendering each block useless. Thus, data encryption and integrity are combined in one operation. (For an exception, see Problem 14.2). PCBC is illustrated in Figure 14.9. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block, the preceding cipher text block, and the preceding plaintext block: Cn = E(K,[Cn-1 n-1 n]) Figure 14.9. Propagating Cipher Block Chaining (PCBC) Mode |
D(K, Cn) = D(K, E(K, [Cn-1 |
|