RC4 Weak Key checks

Jeffrey Altman jaltman at secure-endpoints.com
Mon Mar 28 19:38:35 EDT 2011


On 3/28/2011 7:30 PM, Greg Hudson wrote:
> On Fri, 2011-03-25 at 15:22 -0400, Jeffrey Altman wrote:
>> I can find no evidence that Microsoft Kerberos SSP performs weak key
>> checks.  Perhaps the consortium can obtain an explicit answer from
>> Microsoft.
> 
> I've received an answer that Microsoft Kerberos does not check for RC4
> weak keys.  I will remove the weak key checks from our trunk code and
> mark it for backport to (at least) 1.9.

I would backport it to at least 1.6.x since Linux distributions are
still supporting 1.6.x on some in-service release series.

Jeffrey Altman

