[16733] in Kerberos_V5_Development
Re: RC4 Weak Key checks
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon Mar 28 19:38:43 2011
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: krbdev@mit.edu
Message-ID: <4D911BFB.3020806@secure-endpoints.com>
Date: Mon, 28 Mar 2011 19:38:35 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: ghudson@mit.edu
In-Reply-To: <1301355040.10465.237.camel@t410>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Reply-To: jaltman@secure-endpoints.com
Content-Type: multipart/mixed; boundary="===============1861295806=="
Errors-To: krbdev-bounces@mit.edu
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1861295806==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig2C40314405C3B9BBB6B228F6"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2C40314405C3B9BBB6B228F6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 3/28/2011 7:30 PM, Greg Hudson wrote:
> On Fri, 2011-03-25 at 15:22 -0400, Jeffrey Altman wrote:
>> I can find no evidence that Microsoft Kerberos SSP performs weak key
>> checks. Perhaps the consortium can obtain an explicit answer from
>> Microsoft.
>=20
> I've received an answer that Microsoft Kerberos does not check for RC4
> weak keys. I will remove the weak key checks from our trunk code and
> mark it for backport to (at least) 1.9.
I would backport it to at least 1.6.x since Linux distributions are
still supporting 1.6.x on some in service release series.
Jeffrey Altman
--------------enig2C40314405C3B9BBB6B228F6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJNkRv+AAoJENxm1CNJffh4X+MIAN1rox5t0N/mxdD9ROXUduSf
TV4BLZ1ftqjrMWfIvzCZWuzvJgMvb7neWF1qUIhfVo1mdiMO82qXANBIlRcrzyRW
cIcIxmUUho3C8Cw57+3j16kRTTgxJ84UqQ9wFL/HaAYNgsLVFm/2aYTX1pelMm/K
zlgMNRoAKSI38mMSEZc8vMQZqE5CSUcbOrpplhN0ZgC9xCjVpDu0qEVn2/8sdJfG
+nUpuzB+WdMO6OudI9CfEFixdAnkk2Was1Kgc8/tnW9/w5VOMlm9bkcnYD4Tg0k5
1mozuXgeb6r8+3P/AVJXEgsK/IB8YHWFjLK+EcO+qzZ3hj9uGBjcsx3iS2CbwaA=
=5igh
-----END PGP SIGNATURE-----
--------------enig2C40314405C3B9BBB6B228F6--
--===============1861295806==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
--===============1861295806==--
