[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Kerberos vulnerability

To: [email protected]
Subject: Kerberos vulnerability
From: [email protected] (deadbeat)
Date: Wed, 21 Feb 1996 03:39:45 UTC
Organization: Anonymous forwarding service
Reply-To: [email protected]
Sender: [email protected]


-----BEGIN PGP SIGNED MESSAGE-----

A Kerberos V4 session key is chosen by calling random() repeatedly.
THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
where p is a static integer set to getpid() ^ gethostid() on the first
call and n is a static counter.

Is there any entropy here???  Most, if not all, Kerberos servers run one
time synchronization protocol or another, which reduces the entropy to a
few bits at most.

DEADBEAT <[email protected]>


-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQBFAgUBMSnfhvFZTpBW/B35AQFNqgGApyXhHKIstdDvNaCuJY/fWfRZ16BvK60A
Qde5VxuTsFdZsm69rrTtGxpdyplBxso6
=jHUm
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to                [email protected]
For information (incl. non-anon reply) write to    [email protected]
If you have any problems, address them to          [email protected]

Follow-Ups:
- Re: Kerberos vulnerability
  - From: Julian Assange <[email protected]>

Prev by Date: Re: DES_ono
Next by Date: Re: Internet Privacy Guaranteed ad (POTP Jr.)
Prev by thread: Re: Web Browsers and Anonymous Mail (Was: NSA net trolling)
Next by thread: Re: Kerberos vulnerability
Index(es):
- Date
- Thread