[6773] in Kerberos
Re: Kerberos Weakness (COAST Findings)
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Feb 27 09:16:56 1996
Date: Tue, 27 Feb 1996 09:05:12 -0500
To: eichin@cygnus.com (Mark Eichin)
Cc: kerberos@MIT.EDU
In-Reply-To: <xe1ivgtmm86.fsf@scuba.cygnus.com>
From: "Richard Basch" <basch@lehman.com>
On , 26-February-1996, "Mark Eichin" wrote to "kerberos@MIT.EDU" saying:
>
> >> noted that thousands of banks and financial institutions use it) in an
>
> Hmm. Banks/Financial Institutions use DES (or I've heard they use 3DES
> these days) but I've only heard of isolated cases of them using
> Kerberos. Certainly *not* thousands...
Well, I have heard of several of the major investment banks and
brokerages using Kerberos (V4, V5, or DCE) for various authentication
purposes (usually system management). I am not aware of a wide-scale
usage of Kerberos for the actual financial transactions, though.
In terms of encryption, there are a lot of regulations governing what is
acceptable (and I do not know what they all are). I have heard about
DES, 3DES, and *know* that there is some use of PGP and PEM.
--
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
