Doug writes:
> Since AFS security is based on Kerberos 4, has Transarc been notified
> of this potential problem? Is it a problem with AFS? 

I don't believe there is a problem with most versions of AFS.
While AFS does use the MIT des library, there are subtle, but
distinct differences between the two.  Specifically, as distributed,
mitdes includes a file random_key.c - which is (I *believe*) the
one that includes code for des_random_key that generates easily
compromised session keys, & another file new_rnd_key.c, which provides
a new function, des_new_random_key, that looks much better.
This is true at least in Kerberos "4.10+" and Cygnus Kerberos.
In AFS, at least since AFS 3.1, it looks like random_key is
not compiled, & instead the better function des_new_random_key is
called des_random_key.  More recent versions of AFS don't even
include random_key.c.

That doesn't necessarily exonerate AFS -- "looks much better"
doesn't necessarily mean "immune"; but if there is a hole
in AFS, it's likely to be a *much* more subtle one that has
to do with how often & just when des_init_random_number_generator
is called, rather than the hole in MIT which is the glaringly obvious
use of srandom/random.

Of course, that's just my unofficial opinion.

                                -Marcus Watts
                                UM ITD PD&D Umich Systems Group
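
Added example, not code from this message, MIT Kerberos or AFS: a C illustration of the pattern the message calls out, a DES key drawn from srandom/random, beside one drawn from the kernel's random source. The function names, the seed value 12345 and the use of /dev/urandom are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* BSD PRNG, declared here so the block also builds under strict -std=c11. */
long random(void);
void srandom(unsigned int seed);
typedef unsigned char des_key[8];

static unsigned ones(unsigned char b) {
    unsigned n = 0;
    for (; b; b >>= 1) n += b & 1u;
    return n;
}
/* DES ignores the low bit of each key byte; by convention it gives odd parity. */
static void fix_parity(des_key k) {
    for (int i = 0; i < 8; i++)
        k[i] = (unsigned char)((k[i] & 0xFE) | ((ones(k[i] & 0xFE) & 1u) ^ 1u));
}
int has_odd_parity(const des_key k) {
    for (int i = 0; i < 8; i++)
        if ((ones(k[i]) & 1u) == 0) return 0;
    return 1;
}
/* Weak pattern (constructed): every key byte is a function of the seed alone,
   so the key is only as unpredictable as the seed. */
void weak_key(unsigned int seed, des_key out) {
    srandom(seed);
    for (int i = 0; i < 8; i++) out[i] = (unsigned char)(random() >> 8);
    fix_parity(out);
}
/* Hardened form: key bytes come from the kernel CSPRNG. Returns 0 on success. */
int strong_key(des_key out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, 8, f);
    fclose(f);
    if (n != 8) return -1;
    fix_parity(out);
    return 0;
}

int main(void) {
    des_key a, b, c;
    weak_key(12345u, a);   /* constructed seed value */
    weak_key(12345u, b);
    printf("same seed, same key: %d\n", memcmp(a, b, 8) == 0);
    printf("urandom key ok: %d\n", strong_key(c) == 0 && has_odd_parity(c));
    return 0;
}
```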
