[5012] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Rumor Control: "Kerberos cracked?"

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Apr 21 14:38:33 1995

Date: Fri, 21 Apr 1995 14:23:26 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: Steve Omand <omand@athena.tay.dec.com>
Cc: kerberos@MIT.EDU
In-Reply-To: Steve Omand's message of Thu, 20 Apr 95 10:13:41 EDT,
	<9504201413.AA10424@steveo.athena.tay.dec.com>

   Date: Thu, 20 Apr 95 10:13:41 EDT
   From: Steve Omand <omand@athena.tay.dec.com>

   I received the following inquiry from one of our sales folk.

   > Date:	19-Apr-1995
   >        The story is: some students at MIT have been playing with
   >        Kerberos and have "cracked" the logic.  This tale has been going
   >        around for over a month.  Fact of fiction, it has upset everyone
   >        that is using a security product that is based on Kerberos.

   >        I was just curious if any of you have heard this?  You guys are
   >        a lot closer (geographically too) than we are.

   >        Paul H

Well, I'm at MIT, and as far as I know, the story is false.  We use
Kerberos for all of our client/server applications within Project
Athena, and we are planning to extend its use to protect our
administrative systems.  There certainly have been no reports of any our
students having "cracked" the logic.

From your description, this story seems to have all of the attributes of
an urban myth.

						- Ted

home help back first fref pref prev next nref lref last post