9fans archive / 1996 / 08 / 61 /    prev next

From: Paul Borman prb@bsd...
Subject: SNK Key generation bug
Date: Wed, 28 Aug 1996 16:46:53 -0500 (CDT)

Steve Kotsopoulos reported to BSDI that he could not use his SNK token
with both BSD/OS and Plan 9.  We were surprised, as the transitive
property says it should.  It turns out the culprit is a bug in the
SNK key generation software on Plan 9 which tickles a buglet in the
BSD/OS token code that calls the Kerberos des library.  Simply put,
Plan 9 does not generate proper parity (or any parity, for that matter)
on the key it produces.  The Kerberos des library will not produce a
key schedule for a key that does not have odd parity.  The next release
of BSD/OS will always fix up the parity before calling des_key_sched,
so in a way this should go away.  It is too bad Plan 9 generates invalid
keys, though.  In the mean time, I believe if you set the parity on
the key by hand, you should be able to use the same key with both systems.

The des key must have an odd number of 1 bits in each byte, using the
*low* order bit as parity (i.e. 0377 -> 376).

				-Paul Borman
				 prb@bsd...