RC4 Weak Key checks
Jeffrey Altman
jaltman at secure-endpoints.com
Mon Mar 28 19:38:35 EDT 2011
On 3/28/2011 7:30 PM, Greg Hudson wrote:
> On Fri, 2011-03-25 at 15:22 -0400, Jeffrey Altman wrote:
>> I can find no evidence that Microsoft Kerberos SSP performs weak key
>> checks. Perhaps the consortium can obtain an explicit answer from
>> Microsoft.
>
> I've received an answer that Microsoft Kerberos does not check for RC4
> weak keys. I will remove the weak key checks from our trunk code and
> mark it for backport to (at least) 1.9.
I would backport it to at least 1.6.x since Linux distributions are
still supporting 1.6.x on some in service release series.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20110328/b60d4f16/attachment.bin
More information about the krbdev
mailing list