[6979] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Apr  2 00:33:40 1996
To: mxer@kauri.vuw.ac.nz (Frank Jansen)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 02 Apr 1996 00:16:25 -0500
In-Reply-To: mxer@kauri.vuw.ac.nz's message of 2 Apr 1996 04:10:48 GMT
mxer@kauri.vuw.ac.nz (Frank Jansen) writes:
> 
> Greetings,
>           How secure are the session keys for kerberos V4 and V5? I hear that
> DES, the encryption algorithm used by kerberos, is becoming vulnerable. Is
> there an alternative available and usable in kerberos that will hold up
> better? Thanks in advance.
	No one has publicly demonstrated they have broken DES yet.
However, it wouldn't surprise me if it happened in a year or three.
	There is no solution for Kerberos4.  MIT's next version of
Kerberos5 will likely support triple-DES for most aspects of the
protocol.  (Almost all the code is already written.)
	Unfortunately, MIT's Kerberos5 cannot be exported from the
United States.  You will have to wait for someone to implement
Kerberos5 outside the US in order to get a legal copy.
>
> --
> Frank Jansen, frank.jansen@vuw.ac.nz , Phone: +64 4 4965416
> Information Technology Services, * * Fax: +64 4 4715386
> Victoria University of Wellington, |
> P.O. Box 600, Wellington, New Zealand. \___/ Callsign: ZL2TTS