[AFS3-std] rxgk and the RFC 4402 PRF+ function

Simon Wilkinson simon@sxw.org.uk
Thu, 20 Feb 2014 00:01:55 +0000


On 19 Feb 2014, at 21:23, Benjamin Kaduk <kaduk@mit.edu> wrote:

> Does anyone have an opinion that might sway us to one side or the =
other?

I've just realised that this opens a whole can of worms, relating to two =
different definitions of the PRF+ function. There is a PRF+ defined in =
RFC4402, which uses a network byte order 4-octet value as the counter. =
Then there is the PRF+ defined in RFC6113 which uses a single octet =
value as the counter.

As specified, rxgk uses both of these PRF+s - the 4402 one for key =
derivation, and the 6113 one for key combination. However, in the YFS =
implementation, we are actually using a 6113 PRF+ for both derivation =
and combination.

Cheers,

Simon