[6750] in Kerberos
Re: Kerberos Weakness (COAST Findings)
daemon@ATHENA.MIT.EDU (Mark Eichin)
Fri Feb 23 18:41:19 1996
To: kerberos@MIT.EDU
Date: 23 Feb 1996 17:33:52 -0500
From: eichin@cygnus.com (Mark Eichin)
>> the vulnerability was fairly well known (there were comments in the new
>> random key generator to the effect that the old one was insecure), and
One does wonder why, when the new random key generator was added to
the sources (which appears to have been back in 1988, though it may
have been earlier...) it wasn't *immediately* put into use.
Also, as far as I can tell, the comments in new_rnd_key.c only
indicate things about the strength of the new generator, not about the
weakness of the old one.
