random to key from password

Nicolas Williams Nicolas.Williams at oracle.com
Mon Sep 27 17:22:20 EDT 2010


On Mon, Sep 27, 2010 at 05:11:38PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at oracle.com> writes:
> 
>     Nicolas> On Mon, Sep 27, 2010 at 04:42:14PM -0400, Sam Hartman wrote:
>     >> The KDC prefers AES to DES.  So, you'll never be able to use the
>     >> DES key for much, but it exists and you can somehow get some text
>     >> to attack it.
> 
>     Nicolas> How would you get that ciphertext?  
> Claim to be a client that only supports DES.  This is a random
> key--allowing use as a client is supposed to be reasonable even without
> preauth.

Ah, right.  We really need to have a way to say which enctypes a service
princ is allowed to use as a client...

Nico
-- 



More information about the krbdev mailing list