6710968492
Currently, if the AS exchange uses PA-ENC-TIMESTAMP, a Heimdal client
will transmit the AS-REQ with one PA-ENC-TIMESTAMP for every supported
encryption type. This is bad because:
(1) An eavesdropper collecting this information for dictionary
attacks will have his life made easier, since he can use
DES (rather than a stronger crypto system).
(2) Waste of CPU cycles on client.
(3) (Maybe) cryptanalysis is assisted by capturing ciphtertexts
that are known to be the same plaintext encrypted with the
same key in several algorithms (though the confounder confounds
this).
The KDC provides the list of etypes supported in PA-ETYPE-INFO in the
KRB-ERROR reply ... let's use the first one, eh?
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11646 ec53bebd-3082-4978-b11e-865c3cabbd6b
$Id$ Heimdal is a Kerberos 5 implementation. Please see the manual in doc, by default installed in /usr/heimdal/info/heimdal.info for information on how to install. There are also briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them. For more information see the web-page at <http://www.pdc.kth.se/heimdal/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.