RC4 Weak Key checks
Greg Hudson
ghudson at MIT.EDU
Mon Mar 28 19:30:40 EDT 2011
On Fri, 2011-03-25 at 15:22 -0400, Jeffrey Altman wrote:
> I can find no evidence that Microsoft Kerberos SSP performs weak key
> checks. Perhaps the consortium can obtain an explicit answer from
> Microsoft.
I've received an answer that Microsoft Kerberos does not check for RC4
weak keys. I will remove the weak key checks from our trunk code and
mark it for backport to (at least) 1.9.
More information about the krbdev
mailing list