All,

There have been several network postings and a Wall Street Journal
article about a security problem in Kerberos. This mail addresses
the impact of that security problem on Transarc's products and
customers.

Based on information from MIT, the security problems are only in
Kerberos Version 4.0. This version of Kerberos is used in our AFS
product (all versions of AFS), while Kerberos Version 5.0 is used in
our DCE product (Kerberos Version 5.0 is used in ALL DCE products).

The code that causes the reported security problem is the random key
generator in Kerberos Version 4.0. We replaced this code in our AFS
product in 1989 (prior to our first product release of AFS), and we
replaced it with the random key generator from early versions of
Kerberos Version 5.0. This means that all versions of AFS are NOT
susceptible to the reported security problem.

Our DCE products are based on Kerberos Version 5.0, which is not
susceptible to this security problem. Our Encina products use DCE,
which is based on Kerberos Version 5.0, and are therefore not
susceptible to this security problem.

Please feel free to contact me directly if you have further questions
about this issue.

Liz Hines
Director, Product Support
Transarc Corporation
412-338-4412