> On Nov 2, 2006, at 9:03 AM, [EMAIL PROTECTED] wrote:
> > On Nov 1, 2006, at 22:04, John Hascall wrote:
> >> If anyone is thinking of going down this road, be aware that
> >> there are some crappy client implementations out there
> >> (* looks in the direction of WebCT Vista and coughs *)
> >> that don't handle a non-default salt correctly...
> > And here I was, thinking it would be a good idea to pick random salt
> > strings on password changes, to make certain attacks more costly....
> The "other" Ken says that part of the client code "isn't well
> exercised". ;-)
> OTOH, it sounds like a fun idea to me. Do the cryptosystem RFC's
> specify the default salt?

In the minds of BlackWebBoardCT, or whatever the h*ll they're
called now, the "default" seems to be whatever behaviour the
Windows Active Directory that they developed against happened
to do one day.

John
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
