WS-SecureConversation
Tue, 15 Jun 2004 03:56:19 GMT

got to take a quick look at the WS-SecureConversation changes. the most obvious change was the addition of the 'Entropy' element. this lets the client pass some random data to the server, which the server can then add its own randomness to, to create the shared key. kind of cool, albeit optional. ran the sample without passing Entropy and it returned an EncryptedKey as expected. what was interesting is that the security token the client passed was a UsernameToken, so asymmetric encryption could not be done. instead the server generated a key from the password and returned the EncryptedKey as kw-tripledes (Key Wrapped Triple DES). looking at the spec for kw-tripledes produces this gem: "Decrypt the cipher text with TRIPLEDES in CBC mode using the KEK and an initialization vector (IV) of 0x4adda22c79e82105." where in the world did the magic IV come from? ... this is going to be tougher than i thought
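The unwrap step quoted above, shown in context as an added example (not code from the post or from WSE): a Go implementation of the CMS Triple DES key wrap that kw-tripledes names, where the fixed IV is used only for the outer CBC pass and the per-message IV is recovered from inside the wrapped blob. `Wrap`, `Unwrap`, `cbc` and `reverse` are names chosen here, the keys are constructed sample values, and `Wrap` takes its IV from the caller to stay reproducible, where a real wrapper generates 8 random bytes.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"fmt"
)

var fixedIV = []byte{0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05} // constant quoted in the post
func cbc(mode func(cipher.Block, []byte) cipher.BlockMode, kek, iv, in []byte) []byte { // one unpadded 3DES-CBC pass
	blk, err := des.NewTripleDESCipher(kek)
	if err != nil {
		panic(err) // the KEK must be exactly 24 bytes
	}
	out := make([]byte, len(in))
	mode(blk, iv).CryptBlocks(out, in)
	return out
}

func reverse(b []byte) []byte { // reverses b in place and returns it
	for i, j := 0, len(b)-1; i < j; i, j = i+1, j-1 {
		b[i], b[j] = b[j], b[i]
	}
	return b
}

func Wrap(kek, iv, key []byte) []byte { // key||checksum under iv, prepend iv, reverse, encrypt under fixedIV
	sum := sha1.Sum(key) // checksum = first 8 bytes of SHA-1(key)
	inner := cbc(cipher.NewCBCEncrypter, kek, iv, append(append([]byte{}, key...), sum[:8]...))
	return cbc(cipher.NewCBCEncrypter, kek, fixedIV, reverse(append(append([]byte{}, iv...), inner...)))
}

func Unwrap(kek, wrapped []byte) ([]byte, error) { // undoes Wrap; fails unless the checksum verifies
	if len(wrapped) != 40 {
		return nil, fmt.Errorf("wrapped 3DES key must be 40 bytes, got %d", len(wrapped))
	}
	t := reverse(cbc(cipher.NewCBCDecrypter, kek, fixedIV, wrapped)) // t = IV || inner ciphertext
	wkcks := cbc(cipher.NewCBCDecrypter, kek, t[:8], t[8:])
	if sum := sha1.Sum(wkcks[:24]); subtle.ConstantTimeCompare(sum[:8], wkcks[24:]) != 1 {
		return nil, fmt.Errorf("key checksum mismatch")
	}
	return wkcks[:24], nil
}

func main() { // constructed sample values, not real key material
	kek, key := []byte("constructed-kek-24-bytes"), []byte("constructed-key-24-bytes")
	fmt.Println(Unwrap(kek, Wrap(kek, []byte("8byte-iv"), key)))
}
```

Because the fixed IV is a public constant, the secrecy of the wrapped key rests entirely on the KEK, which in the scenario above is derived from the UsernameToken password.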