>plain old DES keys are getting close to being trivially easy to attack.
I admit, DES doesn't make me warm and fuzzy ... but I have not yet seen
indications that DES is getting close to being "trivially easy to attack".
Care to provide some references for this statement?

>What are the risks that someone could sniff AFS traffic and 'recover'
>your AFS Keyfile?

The risk exists. It would appear that you either need to have a principal
in the target realm (or realm you cross-realm with), or be able to sniff
traffic; I don't think there's a way to do it without having access to an
actual ticket (I suppose you could construct tickets with trial keys and
send them to an AFS server, but that would take a LONG time ... and your
target might notice eventually).

I know about it and I want to see it addressed, but I'm not losing sleep
over it (and we're a site that went through a mandatory elimination of
single-DES support in our Kerberos realm ... with the exception of AFS, of
course).

--Ken
_______________________________________________
OpenAFS-devel mailing list
https://lists.openafs.org/mailman/listinfo/openafs-devel
