On Tuesday, Dec 23, 2003, at 13:23 US/Eastern, todhunter5 wrote:
Does Kerberos use the system clock in any way to arrive at the random key to
see the token?
In one or two places I think the MIT code still uses the clock to perturb the random pool a bit, but the seed from /dev/random or /dev/urandom is the real source of randomness. So, yes, technically it's used in our implementation (Microsoft and Heimdal may behave differently), but it has nothing to do with synchronization, and if you're looking for a weakness, you should be looking at how /dev/*random is or is not used, not the fact that we add in additional sources with low randomness.
The system clock is probably also used in the generation of /dev/random data, for example, in the timing interval between receiving packets off the network, stuff like that.
Ken
________________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
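
The point made in the reply above, as an added sketch that is not part of the original message and is not MIT Kerberos code: a key derived from the clock alone can be regenerated by anyone who knows roughly when it was made, while a pool seeded from the OS random source and only perturbed by the clock cannot. The SHA-256 pool, the function names, the 300-second window and the timestamp are all assumptions made for this illustration.

```python
import hashlib
import os
import struct

EMPTY_POOL = b"\x00" * 32  # assumed initial pool state for this sketch


def mix(pool: bytes, data: bytes) -> bytes:
    """Fold new input into the pool; the previous state still feeds the result."""
    return hashlib.sha256(pool + data).digest()


def clock_bytes(ts: int) -> bytes:
    """Encode a Unix timestamp as 8 big-endian bytes."""
    return struct.pack(">Q", ts)


def key_from_clock_only(ts: int) -> bytes:
    """Weak design: the clock is the only input to the pool."""
    return hashlib.sha256(b"key" + mix(EMPTY_POOL, clock_bytes(ts))).digest()


def key_from_seed_and_clock(seed: bytes, ts: int) -> bytes:
    """Design described in the reply: OS seed first, clock mixed in as an extra."""
    pool = mix(EMPTY_POOL, seed)
    pool = mix(pool, clock_bytes(ts))
    return hashlib.sha256(b"key" + pool).digest()


def reproducible_from_clock(key: bytes, around: int, skew: int = 300):
    """Audit check: can a clock value within +/- skew seconds alone regenerate key?

    Returns the matching timestamp, or None if the clock is not sufficient.
    """
    for ts in range(around - skew, around + skew + 1):
        if key_from_clock_only(ts) == key:
            return ts
    return None


if __name__ == "__main__":
    issued = 1072203780        # constructed timestamp, not taken from the thread
    seed = os.urandom(32)      # OS random source; plays the role of /dev/urandom
    weak = key_from_clock_only(issued)
    strong = key_from_seed_and_clock(seed, issued)
    print("clock-only key regenerated at:", reproducible_from_clock(weak, issued + 80))
    print("seeded key regenerated at:", reproducible_from_clock(strong, issued))
```

With the seed unknown, knowing the exact timestamp does not help regenerate the second key, so the review effort belongs on how the seed is obtained, as the reply says.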
