[16394] in Kerberos_V5_Development
Re: random to key from password
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Sep 27 17:23:02 2010
Date: Mon, 27 Sep 2010 16:22:20 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Sam Hartman <hartmans@mit.edu>
Message-ID: <20100927212220.GR9501@oracle.com>
In-Reply-To: <tsl62xqvqlx.fsf@live.suchdamage.org>
Cc: lha@h5l.org, Russ Allbery <rra@stanford.edu>, krbdev@mit.edu
On Mon, Sep 27, 2010 at 05:11:38PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@oracle.com> writes:
>
> Nicolas> On Mon, Sep 27, 2010 at 04:42:14PM -0400, Sam Hartman wrote:
> >> The KDC prefers AES to DES. So, you'll never be able to use the
> >> DES key for much, but it exists and you can somehow get some text
> >> to attack it.
>
> Nicolas> How would you get that ciphertext?
> Claim to be a client that only supports DES. This is a random
> key--allowing use as a client is supposed to be reasonable even without
> preauth.
Ah, right. We really need to have a way to say which enctypes a service
princ is allowed to use as a client...
Nico