4.4 AES 128 Key Creation
The following values are used during AES 128 key creation:
User or computer password:
-
0000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 0000090: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000a0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000b0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000c0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000d0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ 00000e0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
Salt:
-
0000000: 44 00 4f 00 4d 00 41 00 49 00 4e 00 2e 00 43 00 D•O•M•A•I•N•.•C• 0000010: 4f 00 4d 00 68 00 6f 00 73 00 74 00 63 00 6c 00 O•M•h•o•s•t•c•l• 0000020: 69 00 65 00 6e 00 74 00 2e 00 64 00 6f 00 6d 00 i•e•n•t•.•d•o•m• 0000030: 61 00 69 00 6e 00 2e 00 63 00 6f 00 6d 00 a•i•n•.•c•o•m•
IterationCount:
-
0000000: 00 00 00 00 00 00 03 e8 ........
The AES 128 key is created by first converting the password from a Unicode (UTF16) string to a UTF8 string ([UNICODE], chapter 3.9).
UTF8String:
-
0000000: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000010: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 0000020: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 0000030: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000040: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 0000050: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 0000060: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000070: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 0000080: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 0000090: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 00000a0: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 00000b0: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 00000c0: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 00000d0: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 00000e0: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 00000f0: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000100: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 0000110: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 0000120: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000130: bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf ................ 0000140: bf ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ................ 0000150: ef bf bf ef bf bf ef bf bf ef bf bf ef bf bf ef ................ 0000160: bf bf ef bf bf ef bf bf ........
The salt is converted from a Unicode (UTF16) string to a UTF8 string ([UNICODE] section 3.9).
UTF8Salt:
-
0000000: 44 4f 4d 41 49 4e 2e 43 4f 4D 68 6f 73 74 63 6c DOMAIN.COMhostcl 0000010: 69 65 6e 74 2e 64 6f 6d 61 69 6e 2e 63 6f 6d ient.domain.com
Next, the UTF8 string is converted to the key ([RFC3962] section 4). When calculating the AES base 128 key, using the values above, then random2key(PBKDF2(UTF8String, UTF8Salt, IterationCount, 128)) is:
-
0000000: c7 73 0d aa 23 52 1b c1 6a b8 3c be e3 b3 7f 41 .s..#R..j.<....A
The Kerberos key is then created using the AES 128 key above in DK(AES 128 key, "kerberos") ([RFC3962] section 4).
This results in a 128-bit key:
-
0000000: b8 2e e1 22 53 1c 2d 94 82 1a c7 55 bc cb 58 79 ..."S.-....U..Xy