Re: Why the auxiliary cipher in gss_krb5_crypto.c?

From: Bruce Fields
Date: Fri Dec 04 2020 - 11:04:32 EST

Next message: David Ahern: "Re: [PATCH net] ipv4: fix error return code in rtm_to_fib_config()"
Previous message: Elia Devito: "[PATCH v3 2/2] intel-hid: add alternative method to enable switches"
In reply to: David Howells: "Re: Why the auxiliary cipher in gss_krb5_crypto.c?"
Next in thread: David Howells: "Re: Why the auxiliary cipher in gss_krb5_crypto.c?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 04, 2020 at 04:01:53PM +0000, David Howells wrote:
> Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>
> > > Reading up on CTS, I'm guessing the reason it's like this is that CTS is the
> > > same as the non-CTS, except for the last two blocks, but the non-CTS one is
> > > more efficient.
> >
> > CTS is cipher-text stealing, isn't it? I think it was Kevin Coffman
> > that did that, and I don't remember the history. I thought it was
> > required by some spec or peer implementation (maybe Windows?) but I
> > really don't remember. It may predate git. I'll dig around and see
> > what I can find.
>
> rfc3961 and rfc3962 specify CTS-CBC with AES.

OK, I guess I don't understand the question. I haven't thought about
this code in at least a decade. What's an auxilary cipher? Is this a
question about why we're implementing something, or how we're
implementing it?

--b.

Next message: David Ahern: "Re: [PATCH net] ipv4: fix error return code in rtm_to_fib_config()"
Previous message: Elia Devito: "[PATCH v3 2/2] intel-hid: add alternative method to enable switches"
In reply to: David Howells: "Re: Why the auxiliary cipher in gss_krb5_crypto.c?"
Next in thread: David Howells: "Re: Why the auxiliary cipher in gss_krb5_crypto.c?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]