[krbdev.mit.edu #1624] use more secure checksum types

Sam Hartman via RT rt-comment at krbdev.mit.edu
Wed Jun 25 20:14:22 EDT 2003


>>>>> "Ken" == Ken Raeburn via RT <rt-comment at krbdev.mit.edu> writes:

    Ken> By default, we're using the checksum types for kdc_req,
    Ken> ap_req, and krb_safe messages that are specified in the
    Ken> config file, with some hard-coded defaults.  The ability to
    Ken> specify them in the config file is for DCE compatibility.
    Ken> The problem is, except for the krb_safe one, the fallbacks
    Ken> are weak, unkeyed types, and we always use them, not just in
    Ken> conjunction with DES key types.

    Ken> (a) Can we get rid of the config file specifications
    Ken> altogether, even if it means losing on compatibility with
    Ken> some versions of DCE (and possibly not even the latest
    Ken> version)?

I actually think we should keep the config file stuff for debugging,
but only use it if specified.

ANd we should make it clear that users should never specify those
checksums.  IF you specify a wrong checksum (one that is keyed
incorrectly), then things will fail.

But I find it useful to be able to override checksum types for
debugging and interop testing.



More information about the krb5-bugs mailing list