On Wed, 2005-01-19 at 23:24 +0000, Dave Love wrote: > Andrew Bartlett <abartlet@samba.org> writes: > > > Firstly, I think that the type 23 keys (arcfour-hmac-md5, aka the NT > > hash) are now in the default key types, and while it is a limited type, > > with less than broad support on older kerberos libs. It's not my > > understanding that the type 23 keys are particularly weak in any way. > > Sorry for the misinformation, then. I've certainly seen them > described as weak in places like bugtraq, though. I was expecting > Love or someone to check it anyhow. I'm assuming (but would enjoy to hear from folks who know the kerberos side better than aI) that this is related to it's use in NTLM challenge- response authentication, where the use of the hash (rather than the hash itself) is rather weak. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part