[OpenAFS] krb4 3des vulnerability

Derek Atkins warlord@MIT.EDU
17 Mar 2003 16:46:07 -0500

You are still vulnerable, but only to those people who know the
keys to "long" principals.


Russ Allbery <rra@stanford.edu> writes:

> Brent Johnson <Brent.A.Johnson@jpl.nasa.gov> writes:
> > So does this mean if you're using kaserver you're vulnerable to this?
> > Does kaserver use 3des encryption?  Is there any way to turn cross-realm
> > authentication off?
> My *hope* is that if you have no cross-realm keys in your kaserver you're
> not vulnerable, but that's just a guess, and I'd love to get confirmation
> of that....
> So far as I know, kaserver doesn't support 3DES at all.
> -- 
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available