From: Tillman Hodgson
To: freebsd-questions@freebsd.org
Date: Sat, 13 Sep 2003 13:36:24 -0600
Subject: Re: nis security (DES passwords)

On Sat, Sep 13, 2003 at 05:01:31PM +0200, Guy Van Sanden wrote:
> I was looking around for this, and I found that Kerberos uses DES
> encryption, John (on my system) reports it rather weak:
> I'm now using MD5 passwords in NIS.
>
> Yet it seems the consensus that Kerberos is secure, am I missing
> something?

Yes :-)

1. Kerberos can use a variety of encryption methods
2. With NIS, arbitrary users can run John against the password database.
   With Kerberos, they can't because they don't have the Kerberos
   database to run John against.

-T

--
Beauty is not diminished by being shared.
    - Robert Heinlein
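
An added example, not part of the original message: an audit of which entries in a NIS passwd map expose a password hash to any client user, and under which crypt(3) scheme. The map contents are constructed, `classify` and `audit` are hypothetical helper names, and the scheme list goes beyond the DES and MD5 cases named in the thread.

```python
import re
from collections import Counter

B64 = r"[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes

def classify(field):
    """Name the crypt(3) scheme of one passwd-field value."""
    if field.startswith("*LOCKED*"):
        # FreeBSD `pw lock` prepends this tag but leaves the hash in place.
        field = field[len("*LOCKED*"):] or "*"
    if field == "":
        return "empty"          # account has no password at all
    if field.startswith("$1$"):
        return "md5"
    if re.match(r"\$2[a-z]?\$", field):
        return "blowfish"
    if re.fullmatch(B64 + "{13}", field):
        return "des"            # traditional crypt: 2-char salt + 11-char hash
    if re.fullmatch("_" + B64 + "{19}", field):
        return "des-extended"   # BSDi extended DES
    if field.startswith("$"):
        return "other"
    return "none"               # "*", "x", "!" and similar: no hash present

def audit(map_text):
    """Return [(user, scheme)] for every entry whose hash is readable in the map."""
    exposed = []
    for line in map_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 7:
            continue            # skip comments and malformed lines
        scheme = classify(parts[1])
        if scheme != "none":
            exposed.append((parts[0], scheme))
    return exposed

# Constructed sample in `ypcat passwd` format; hash bodies are X-filled placeholders.
SAMPLE_MAP = "\n".join([
    "alice:ab" + "X" * 11 + ":1001:1001:Alice:/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "X" * 22 + ":1002:1002:Bob:/home/bob:/bin/sh",
    "carol:*:1003:1003:Carol:/home/carol:/bin/sh",
    "dave:*LOCKED*$1$saltsalt$" + "X" * 22 + ":1004:1004:Dave:/home/dave:/bin/sh",
    "erin::1005:1005:Erin:/home/erin:/bin/sh",
])

if __name__ == "__main__":
    findings = audit(SAMPLE_MAP)
    for user, scheme in findings:
        print(f"{user}: {scheme} hash visible to NIS clients")
    print(dict(Counter(scheme for _, scheme in findings)))
```

On a real NIS client the input would be the output of `ypcat passwd` saved to a file and passed to `audit`.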