[6999] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (William Boyer)
Wed Apr 3 14:19:47 1996
To: kerberos@MIT.EDU
Date: Wed, 03 Apr 1996 10:14:08 -0800
From: William Boyer <boyer.w@ghc.org>
Sam Hartman wrote:
>
> mxer@kauri.vuw.ac.nz (Frank Jansen) writes:
>
> >
> > Greetings,
> > How secure are the session keys for kerberos V4 and V5? I hear that
> > DES, the encryption algorithm used by kerberos, is becoming vulnerable. Is
> > there an alternative available and usable in kerberos that will hold up
> > better? Thanks in advance.
>
> No one has publicly demonstrated they have broken DES yet.
> However, it wouldn't surprise me if it happened in a year or three.
>
> There is no solution for Kerberos4. MIT's next version of
> Kerberos5 will likely support triple-DES for most aspects of the
> protocol. (Almost all the code is already written.)
>
> Unfortunately, MIT's Kerberos5 cannot be exported from the
> United States. You will have to wait for someone to implement
> Kerberos5 outside the US in order to get a legal copy.
>
> >
> > --
> > Frank Jansen, frank.jansen@vuw.ac.nz, Phone: +64 4 4965416
> > Information Technology Services, * * Fax: +64 4 4715386
> > Victoria University of Wellington, |
> > P.O. Box 600, Wellington, New Zealand. \___/ Callsign: ZL2TTS
The Jan'96 issue of Dr. Dobb's Journal is dedicated to compression and encryption. They talk about 2
different cryptanalysis methods for breaking DES. You may want to check that issue out. May even be
on their Web page http://www.ddj.com
Bill