I thought the k4 attack worked because the kdc would give an encrypted tgt to anyone who asks for it, which allows offline dictionary attacks. This works with any encryption algorithm. In fact the use of des makes you more resistant to attack, because it's slower than the alternatives. K5 fixes this by optionally requiring pre-authentication. Am I confusing two different attacks?