MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4

Mike Friedman mikef at ack.Berkeley.EDU
Mon Mar 17 18:39:22 EST 2003

On Mon Mar 17 15:27:48 2003, Sam Hartman said:

> Enabling v4 keys in kdc.conf does not matter.  The question is whether
> KDC support for v4 is on.  If you run with -4 none or -4 disabled on
> the command line and do not run krb524d you are not vulnerable.


If I don't use DES3 keys at all in my KDC, do I still need to run with
'V4 none' or 'V4 disable' to be protected?


Mike Friedman                             System and Network Security
mikef at ack.Berkeley.EDU                    2484 Shattuck Avenue
1-510-642-1410                            University of California at Berkeley

More information about the krbdev mailing list