>I thought the k4 attack worked because the kdc would give an encrypted tgt
>to anyone who asks for it, which allows offline dictionary attacks. This
>works with any encryption algorithm. In fact the use of des makes you more
>resistant to attack, because it's slower than the alternatives. K5 fixes
>this by optionally requiring pre-authentication.

I was under the impression that he was worrying about brute-force attacks against DES (specifically, the AFS service key), which we don't have a defense against yet. I haven't yet seen brute-force attacks against DES in the wild, but computers are getting faster all of the time; I'm sure it's only a matter of time.

--Ken
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
