[OpenAFS-devel] rxgk and better-than DES keys?

Ken Hornstein kenh@cmf.nrl.navy.mil
Fri, 05 May 2006 16:39:29 -0400


>plain old DES keys are getting close to being trivially easy to attack.

I admit, DES doesn't make me warm and fuzzy ... but I have not yet seen
indications that DES is getting close to being "trivially easy to attack".
Care to provide some references for this statement?

>What are the risks that someone could sniff AFS traffic and 'recover'
>your AFS Keyfile?

The risk exists.  It would appear that you either need to have a
principal in the target realm (or realm you cross-realm with), or be
able to sniff traffic; I don't think there's a way to do it without
having access to an actual ticket (I suppose you could construct
tickets with trial keys and send them to an AFS server, but that would
take a LONG time ... and your target might notice eventually).  I know
about it and I want to see it addressed, but I'm not losing sleep over
it (and we're a site that went through a mandatory elimination of
single-DES support in our Kerberos realm ... with the exception of AFS,
of course).

--Ken