[6741] in Kerberos
Re: Kerberos Weakness (COAST Findings)
daemon@ATHENA.MIT.EDU (Mark Murray)
Fri Feb 23 03:53:24 1996
To: kerberos@MIT.EDU
Date: Fri, 23 Feb 1996 07:44:41 GMT
From: markm@iafrica.com (Mark Murray)
tls@panix.com (Thor Lancelot Simon) wrote:
>The Kerberos that's part of NetBSD is eBones-derived.
>It doesn't suffer from the problem in question, as one would tend to expect --
>With des_random_key available and no access to the MIT code, why use the
>old, broken (as it turned out) ranom_key function?
>I'm not even sure random_key is included in eBones. Was it stripped out when
>Bones was produced?
There are two routines in question - des_random_key and
des_new_random_key (I may have the names slightly wrong but WTH)
Both were put back into eBones by Eric Young when eBones was created
from Bones.
The patch to fix eBones (Which is now in FreeBSD's eBones)
replaces des_random_key with des_new_random_key and adds some
random number initialisation calls as well.
>On the other hand, eBones has plenty of other problems, mostly resulting from
>confusion about the type of C_BLOCK and an implementation choice that masks
>rampant confusion about whether lots of libkrb functions take *C_BLOCK or
>C_BLOCK. I think I nailed all of these in NetBSD; I know I didn't catch some
>mistaken prototypes, though.
I did the same for FreeBSD.
M
