Comments on the checksum vulnerabilities

Sam Hartman hartmans at MIT.EDU
Fri Dec 3 13:31:42 EST 2010

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> Sam has argued (privately) that it's better to use an
    Greg> MIT-style check because it allows the deployment of new
    Greg> cksumtypes for an enctype.  I am not sure that this is
    Greg> valuable, since we have no checksum type negotiation in the
    Greg> Kerberos protocol, only enctype negotiation.  I would be more
    Greg> comfortable with a Heimdal-style check.

Are there any differences between the Heimdal and MIT style checks for
current checksums?

More information about the krbdev mailing list