>>>>> "Mihai" == Mihai RUSU <[EMAIL PROTECTED]> writes:
Mihai> On Wed, 24 Mar 2004, Sam Hartman wrote:
>> Try ktadd -e des-cbc-crc:normal principalname
Mihai> Yes, works perfectly, thank you all for your
Mihai> answer. Another question whould be which method is "more
Mihai> secore(tm)" des-cbc-crc or des-cbc-md5 ? ;)
This is a briefly considered opinion; I may be overlooking something.
I expect it doesn't matter that much. We've seen at least one attack
where des-cbc-md5 was more vulnerable than des-cbc-crc. However md5
was intended to be a cryptographic hash and crc is not. Crc is also a
shorter value (32 bits) so the chance of a random collision is much
higher. But there is a confounder added to the encryption, so in many
cases such random collisions won't help an attacker much.
Perhaps the right answer is that DES isn't particularly secure these
days.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
