[OpenAFS] Analysis of AFS encryption protocol?

Jim Rees rees@umich.edu
Thu, 29 Jul 2004 11:28:19 -0400

This has been discussed before, but I don't know any way to search the
mailing list archives.

The algorithm is called fcrypt.  It is similar to DES and is thought to be
about as secure, but has not been analysed very far.

The protocol is a bit like k4.  Privacy is not enabled by default, but I
think it should be, and we have talked about changing this.  There has been
at least one protocol weakness discovered, exploited, and fixed.  See
P. Honeyman, L.B. Huston, and M.T. Stolarchuk, "Hijacking AFS", August
1991. [Proc. Winter USENIX Conf., San Francisco (January 1992).]

There has been talk of moving to k5 but progress has been glacial, hampered
by U.S. law, the need for backward compatibility, lack of funds, and greater
interest in things like Windows and linux 2.6 (this last part is my personal