random to key from password
Nicolas Williams
Nicolas.Williams at oracle.com
Mon Sep 27 17:22:20 EDT 2010
On Mon, Sep 27, 2010 at 05:11:38PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at oracle.com> writes:
>
> Nicolas> On Mon, Sep 27, 2010 at 04:42:14PM -0400, Sam Hartman wrote:
> >> The KDC prefers AES to DES. So, you'll never be able to use the
> >> DES key for much, but it exists and you can somehow get some text
> >> to attack it.
>
> Nicolas> How would you get that ciphertext?
> Claim to be a client that only supports DES. This is a random
> key--allowing use as a client is supposed to be reasonable even without
> preauth.
Ah, right. We really need to have a way to say which enctypes a service
princ is allowed to use as a client...
Nico
--
More information about the krbdev
mailing list