On 2 April 2014 20:45, Russ Allbery <[email protected]> wrote:
> Benjamin Kaduk <[email protected]> writes:
>
>> The core kerberos protocol itself is pretty well-analyzed, and unlikely
>> to have been backdoored. There could potentially be issues with the
>> crypto primitives used by a particular Kerberos implementation or
>> encryption type (e.g., PRNG, block cipher, and hash function), but such
>> issues would have much broader consequences than just kerberos. AES is
>> probably fine, but, say, the md4 hash function used in arcfour-hmac's
>> string-to-key is not so good, and as mentioned already RFC 6649
>> deprecates some weak enctypes.
>
> With Kerberos, it's always worth being aware that it's a trusted central
> authentication system.

Isn't there a distributed version of Kerberos5 which avoids this problem?

Wang
--
Wang Shouhua - [email protected]
中华人民共和国科学技术部 - HTTP://WWW.MOST.GOV.CN
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
