[6754] in Kerberos

extent of random key patch?

daemon@ATHENA.MIT.EDU (Larry J. Hughes Jr.)
Fri Feb 23 19:53:35 1996

To: kerberos@MIT.EDU
Date: 23 Feb 1996 22:17:58 GMT
From: hughes@bodhi.it.iupui.edu (Larry J. Hughes Jr.)

I haven't yet analyzed the extent of the random key patch, but does it 
fix *all* random key generation, even beyond those used for session keys?

For example, if you use kdb_edit to create an application server
principal, and specify the word RANDOM (in all upper case) as the 
password, as I am wont to do:

   Principal: foo, Instance: bar, kdc_key_ver: 
   New Password:
   Verifying, please re-enter 
   New Password: 
 
   Random password [y] ? 

...does it do the "right" thing?  Entropy in session keys is bad
enough, but there are sites with weak server keys; this must also be
addressed after the fact.

---
Larry J. Hughes, Jr.    hughes@indiana.edu
Indiana University      http://copper.ucs.indiana.edu/~hughes/
Author, "Actually Useful Internet Security Techniques," ISBN 1-56205-508-9 
