On Nov 2, 2006, at 9:03 AM, [EMAIL PROTECTED] wrote:

> Date: Wed, 1 Nov 2006 22:21:53 -0500
> From: Ken Raeburn <[EMAIL PROTECTED]>
> Subject: Re: Migrating a Kerberos Realm
> To: John Hascall <[EMAIL PROTECTED]>
> Cc: kerberos@mit.edu
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
> On Nov 1, 2006, at 22:04, John Hascall wrote:
>> If anyone is thinking of going down this road, be aware that
>> there are some crappy client implementations out there
>> (* looks in the direction of WebCT Vista and coughs *)
>> that don't handle a non-default salt correctly...
>
> And here I was, thinking it would be a good idea to pick random salt
> strings on password changes, to make certain attacks more costly....
>
> Ken

The "other" Ken says that part of the client code "isn't well exercised". ;-)

OTOH, it sounds like a fun idea to me. Do the cryptosystem RFCs specify the default salt?

----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
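
The salt issue discussed in this thread, as an added example that is not part of the original messages or of any Kerberos implementation: RFC 4120 defines the default salt as the realm followed by the principal's name components with no separators, and a client that assumes it instead of using the salt the KDC advertises derives the wrong key once the salt is non-default. Assumptions: the realm and principal names, the password, the record layout and the function names are constructed, and only the PBKDF2 stage of the RFC 3962 AES string-to-key is computed (the final DK step is omitted).

```python
import hashlib
import os

def default_salt(realm, components):
    # RFC 4120 default salt: realm, then each name component, no separators.
    return (realm + "".join(components)).encode("utf-8")

def pbkdf2_stage(password, salt, iterations=4096, keylen=16):
    # PBKDF2-HMAC-SHA1 stage of the RFC 3962 (AES) string-to-key.
    # The final DK() step is omitted, so this is not a usable Kerberos key.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, keylen)

def kdc_enroll(realm, components, password, salt=None):
    # Constructed KDC record; salt=None means the default salt is in use.
    used = salt if salt is not None else default_salt(realm, components)
    return {"realm": realm, "name": components, "salt_hint": salt,
            "key": pbkdf2_stage(password, used)}

def client_key(record, password, honor_hint=True):
    # A correct client uses the salt the KDC advertises (ETYPE-INFO2) and
    # falls back to the default only when none is sent. honor_hint=False
    # models a client that always assumes the default salt.
    salt = record["salt_hint"] if honor_hint else None
    if salt is None:
        salt = default_salt(record["realm"], record["name"])
    return pbkdf2_stage(password, salt)

def scenarios(password="correct horse"):
    cases = {
        "default": kdc_enroll("NEW.EXAMPLE", ["jdoe"], password),
        # Key carried over from a renamed realm keeps the old realm's salt.
        "migrated": kdc_enroll("NEW.EXAMPLE", ["jdoe"], password,
                               salt=default_salt("OLD.EXAMPLE", ["jdoe"])),
        # Random salt chosen at password change, as floated in the thread.
        "random": kdc_enroll("NEW.EXAMPLE", ["jdoe"], password,
                             salt=os.urandom(16)),
    }
    # For each case: (salt-aware client matches, default-only client matches)
    return {name: (client_key(rec, password) == rec["key"],
                   client_key(rec, password, honor_hint=False) == rec["key"])
            for name, rec in cases.items()}

if __name__ == "__main__":
    for name, (good, broken) in scenarios().items():
        print(f"{name:9} salt-aware ok={good}  default-only ok={broken}")
```

The default-only client fails in the same way for the migrated and the random salt, which is why a realm rename is enough to expose a client that ignores the advertised salt.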