[krbdev.mit.edu #6886] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Jun 9 17:08:44 EDT 2011
pull up r24750 from trunk
------------------------------------------------------------------------
r24750 | ghudson | 2011-03-28 19:35:54 -0400 (Mon, 28 Mar 2011) | 11 lines
ticket: 6886
target_version: 1.9.1
tags: pullup
Remove the weak key checks from the builtin rc4 enc provider. There
is no standards support for avoiding RC4 weak keys, so rejecting them
causes periodic failures. Heimdal and Microsoft do not check for weak
keys. Attacks based on these weak keys are probably thwarted by the
use of a confounder, and even if not, the reduction in work factor is
not terribly significant for 128-bit keys.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24951
Commit By: tlyu
Revision: 24951
Changed Files:
U branches/krb5-1-9/src/lib/crypto/builtin/enc_provider/rc4.c
More information about the krb5-bugs
mailing list