On Nov 1, 2006, at 22:04, John Hascall wrote: > If anyone is thinking of going down this road, be aware that > there are some crappy client implementations out there > (* looks in the direction of WebCT Vista and coughs *) > that don't handle a non-default salt correctly...
And here I was, thinking it would be a good idea to pick random salt strings on password changes, to make certain attacks more costly.... Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
