MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4

Sam Hartman hartmans at MIT.EDU
Mon Mar 17 18:42:01 EST 2003

>>>>> "Mike" == Mike Friedman <mikef at ack.Berkeley.EDU> writes:

    Mike> Sam,

    Mike> If I don't use DES3 keys at all in my KDC, do I still need
    Mike> to run with 'V4 none' or 'V4 disable' to be protected?

    Mike> Mike

There were two issues:

1) v4 is broken

2) MIT's 3DES support for v4 is more broken than v4 normally is.

More information about the krbdev mailing list