From: horio shoichi
To: Guy Van Sanden
Cc: freebsd-questions@freebsd.org
Date: Sun, 14 Sep 2003 14:16:40 +0900
Subject: Re: nis security (DES passwords)

On Sat, 13 Sep 2003 17:01:31 +0200
Guy Van Sanden wrote:

> I was looking around for this, and I found that Kerberos uses DES
> encryption, John (on my system) reports it rather weak:
>
>
> Yet it seems the consensus that Kerberos is secure, am I missing
> something?
>

1. Krb5 uses default salted 3DES. In addition, as Tillman wrote,
   krb5 allows other ciphers.

2. Even krb4, which uses unsalted DES, is considered difficult to
   crack because it does not expose ciphered text (i.e., passwd).
   On the wire, on the local files.

horio shoichi
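
Added example, not part of the original message: a sketch of what the salt mentioned in point 1 changes, using the Kerberos 5 default salt (realm followed by the principal's name components). The realm, principals and passwords are constructed, and PBKDF2-HMAC-SHA256 is an assumed stand-in for the DES/3DES string-to-key functions, which are not reproduced here.

```python
import hashlib
from collections import defaultdict

REALM = "EXAMPLE.ORG"  # constructed realm name

# Constructed principals and passwords; alice and bob reuse one password.
PASSWORDS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol/admin": "tr0ub4dor",
}


def default_salt(realm, principal):
    """Kerberos 5 default salt: realm, then the principal's name components."""
    return (realm + principal.replace("/", "")).encode()


def derive_key(password, salt=b""):
    """Stand-in string-to-key (assumption): PBKDF2, not the real DES/3DES one."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 4096, dklen=24)


def key_table(salted):
    """Derive one long-term key per principal, with or without its salt."""
    table = {}
    for principal, password in PASSWORDS.items():
        salt = default_salt(REALM, principal) if salted else b""
        table[principal] = derive_key(password, salt)
    return table


def shared_key_groups(keys):
    """Return sorted groups of principals whose derived keys are identical."""
    groups = defaultdict(list)
    for principal, key in keys.items():
        groups[key].append(principal)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Unsalted (krb4-style): equal passwords give equal keys across principals.
    print("unsalted:", shared_key_groups(key_table(salted=False)))
    # Salted (krb5-style): the same password yields a different key per principal.
    print("salted:  ", shared_key_groups(key_table(salted=True)))
```

Without a salt, password reuse is visible as identical keys and one derivation applies to every principal; with the per-principal salt, each key has to be derived separately.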