MD5 tickets and Windows 2000
Sam Hartman
hartmans at MIT.EDU
Tue Oct 29 20:13:47 EST 2002
>>>>> "Nathan" == Nathan Ward <nward at esphion.com> writes:
Nathan> Is there much security implication with des-cbc-crc
Perhaps. IN practice we have not seen any well-fleshed-out attacks
against des-cbc-crc although there are directions of attack against
des-cbc-crc that do not exist against des-cbc-md5.
But really all the DES encryption types are fairly insecure.
Nathan> vs
Nathan> des-cbc-md5? Do encryption types matter that much?
Yes. You really want to be using an encryption type stronger than
DES. Unfortunately released MIT code does not share an encryption
type stronger than any of the DES types with Microsoft.
They support rc4; we support 3des.
MIT's support for des-cbc-md5 should be fine in the client code, but
you probably do not want to use des-cbc-md5 with an MIT KDC.
More information about the Kerberos
mailing list