[6757] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (Mark Eichin)
Sat Feb 24 19:22:49 1996

To: kerberos@MIT.EDU
Date: 24 Feb 1996 18:39:47 -0500
From: eichin@cygnus.com (Mark Eichin)

>> With des_random_key available and no access to the MIT code, why use the
>> old, broken (as it turned out) ranom_key function?

Point of information: in the MIT code, "des_random_key" *is* the
broken one; "random_key" is a backwards-compatibility define (for
kerberos 3, maybe? :-) along with a few other non-prefixed names. The
correct generator *for the MIT libraries* is called des_new_random_key.

This naming, of course, isn't to relevant, since eBones had neither
the calls to the random generator *nor* any of the generators...
leaving plenty of opportunities to be more or less creative with the
information.
			_Mark_ <eichin@cygnus.com>
			Cygnus Support
			Cygnus Network Security <network-security@cygnus.com>
			http://www.cygnus.com/data/cns/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6757] in Kerberos

Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (Mark Eichin)Sat Feb 24 19:22:49 1996

daemon@ATHENA.MIT.EDU (Mark Eichin)
Sat Feb 24 19:22:49 1996