[krbdev.mit.edu #1624] use more secure checksum types
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Wed Jun 25 20:14:22 EDT 2003
>>>>> "Ken" == Ken Raeburn via RT <rt-comment at krbdev.mit.edu> writes:
Ken> By default, we're using the checksum types for kdc_req,
Ken> ap_req, and krb_safe messages that are specified in the
Ken> config file, with some hard-coded defaults. The ability to
Ken> specify them in the config file is for DCE compatibility.
Ken> The problem is, except for the krb_safe one, the fallbacks
Ken> are weak, unkeyed types, and we always use them, not just in
Ken> conjunction with DES key types.
Ken> (a) Can we get rid of the config file specifications
Ken> altogether, even if it means losing on compatibility with
Ken> some versions of DCE (and possibly not even the latest
Ken> version)?
I actually think we should keep the config file stuff for debugging,
but only use it if specified.
ANd we should make it clear that users should never specify those
checksums. IF you specify a wrong checksum (one that is keyed
incorrectly), then things will fail.
But I find it useful to be able to override checksum types for
debugging and interop testing.
More information about the krb5-bugs
mailing list