Key sharing API+protocol: Distribute entropy, not raw keys
Integrate better with the Kerberos algorithm definitions by not mapping a key, but its entropy:
- have one random buffer type large enough to hold random material for all algorithms in use
- as part of key generation, support filling such a buffer (in part)
- during key mapping, tap the entropy from such a buffer
- consider inserting the entropy buffer in the key type (so we can retain the current API)
- the protocol changes due to this (not for AES, but possibly for less dense algorithms)
Edited by Rick van Rein
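A sketch of the buffer-and-mapping idea in the list above, as an added example that is not code from this project. All type and function names are hypothetical, seed lengths and the DES3 expansion are assumed to follow RFC 3961, and the RFC's weak-key correction step is left out. It shows why AES is unaffected (key equals entropy) while DES3 turns 21 entropy bytes into a 24-byte key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; enctype numbers are the IANA Kerberos values. */
enum { ET_DES3 = 16, ET_AES128 = 17, ET_AES256 = 18 };
#define ENTROPY_MAX 32                 /* largest seed in use: AES256 */
struct entropy { uint8_t buf[ENTROPY_MAX]; size_t len; };

/* Seed length in bytes that random-to-key consumes, 0 if unsupported. */
size_t seed_len(int et) {
    return et == ET_AES256 ? 32 : et == ET_AES128 ? 16 : et == ET_DES3 ? 21 : 0;
}
/* Key generation: fill only the part of the buffer this enctype needs. */
int entropy_fill(struct entropy *e, int et) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    e->len = fread(e->buf, 1, seed_len(et), f);
    fclose(f);
    return (e->len > 0 && e->len == seed_len(et)) ? 0 : -1;
}
/* Expand 56 entropy bits to a DES key with odd parity per byte.
 * Weak/semi-weak key correction is omitted in this sketch. */
static void des_expand(const uint8_t in[7], uint8_t out[8]) {
    memcpy(out, in, 7);
    out[7] = 0;
    for (int i = 0; i < 7; i++)        /* low bit of byte i -> bit i+1 */
        out[7] |= (uint8_t)((in[i] & 1) << (i + 1));
    for (int i = 0; i < 8; i++) {
        uint8_t b = out[i] >> 1, ones = 0;
        for (; b; b >>= 1) ones += b & 1;
        out[i] = (uint8_t)((out[i] & 0xFE) | ((ones & 1) ^ 1));
    }
}
/* Key mapping: tap the buffer; returns key length, 0 on error. */
size_t entropy_to_key(const struct entropy *e, int et, uint8_t *key) {
    size_t n = seed_len(et);
    if (n == 0 || e->len < n) return 0;   /* too little entropy filled */
    if (et == ET_DES3) {
        for (int i = 0; i < 3; i++) des_expand(e->buf + 7 * i, key + 8 * i);
        return 24;
    }
    memcpy(key, e->buf, n);               /* AES: key is the entropy */
    return n;
}
int main(void) {
    struct entropy e; uint8_t key[32];
    if (entropy_fill(&e, ET_DES3) != 0) return 1;
    printf("des3 key bytes: %zu\n", entropy_to_key(&e, ET_DES3, key));
    return 0;
}
```

A buffer filled only for a shorter seed is refused when mapped to an enctype that needs more, which is the case the "in part" filling has to guard against.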