Date:      Sun, 14 Sep 2003 14:16:40 +0900
From:      horio shoichi <bugsgrief@bugsgrief.net>
To:        Guy Van Sanden <n.b@myrealbox.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: nis security (DES passwords)
Message-ID:  <20030914.051641.5292c9e54a50e93e.10.0.3.9@bugsgrief.net>
In-Reply-To: <1063465291.9570.2.camel@cronos.home.vsb>
References:  <200309082359.07548.ajacoutot@lphp.org> <20030908161045.C11841@seekingfire.com> <42065386.1063047726@[192.168.10.11]> <20030908181529.P11841@seekingfire.com> <1063359316.2838.18.camel@cronos.home.vsb> <20030912070057.E13273@seekingfire.com> <1063465291.9570.2.camel@cronos.home.vsb>

On Sat, 13 Sep 2003 17:01:31 +0200
Guy Van Sanden <n.b@myrealbox.com> wrote:
> I was looking around for this, and I found that Kerberos uses DES
> encryption, John (on my system) reports it rather weak:
> 
<clip>
> 
> Yet it seems the consensus that Kerberos is secure, am I missing
> something?
> 
1. Krb5 uses salted 3DES by default. In addition, as Tillman wrote, krb5
   allows other ciphers.

2. Even krb4, which uses unsalted DES, is considered difficult to crack
   because it does not expose ciphered text (i.e., passwd), either on the
   wire or in the local files.


horio shoichi


