1996-02-21 - Kerberos vulnerability
Header Data
From: an5877@anon.penet.fi (deadbeat)
To: cypherpunks@toad.com
Message Hash: 5076bd44bc0a0eb8111372fdec506254724d66ee51af428c3ebf0531bc350729
Message ID: <9602210339.AA22431@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1996-02-21 08:42:51 UTC
Raw Date: Wed, 21 Feb 1996 16:42:51 +0800
Raw message
From: an5877@anon.penet.fi (deadbeat)
Date: Wed, 21 Feb 1996 16:42:51 +0800
To: cypherpunks@toad.com
Subject: Kerberos vulnerability
Message-ID: <9602210339.AA22431@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
A Kerberos V4 session key is chosen by calling random() repeatedly.
THe PRNG is seeded with srandom(time.tv_usec ^ time.tv_sec ^ p ^ n++),
where p is a static integer set to getpid() ^ gethostid() on the first
call and n is a static counter.
Is there any entropy here??? Most, if not all, Kerberos servers run one
time synchronization protocol or another, which reduces the entropy to a
few bits at most.
DEADBEAT <na5877@anon.penet.fi>
-----BEGIN PGP SIGNATURE-----
Version: 2.4
iQBFAgUBMSnfhvFZTpBW/B35AQFNqgGApyXhHKIstdDvNaCuJY/fWfRZ16BvK60A
Qde5VxuTsFdZsm69rrTtGxpdyplBxso6
=jHUm
-----END PGP SIGNATURE-----
--****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION***
Your e-mail reply to this message WILL be *automatically* ANONYMIZED.
Please, report inappropriate use to abuse@anon.penet.fi
For information (incl. non-anon reply) write to help@anon.penet.fi
If you have any problems, address them to admin@anon.penet.fi
Thread
Return to February 1996
- Return to “an5877@anon.penet.fi (deadbeat)”
Return to “Julian Assange <proff@suburbia.net>”
- 1996-02-21 (Wed, 21 Feb 1996 16:42:51 +0800) - Kerberos vulnerability - an5877@anon.penet.fi (deadbeat)
- 1996-02-22 (Wed, 21 Feb 96 22:07:59 PST) - Re: Kerberos vulnerability - Julian Assange <proff@suburbia.net>