Subject: Re: Kerberos: telnet to Solaris -> Bad encryption type
To: Johan Danielsson <joda@pdc.kth.se>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 09/27/2005 09:14:31
In message <xofirwmwz1e.fsf@shoal.pdc.kth.se>, Johan Danielsson writes:
>"Steven M. Bellovin" <smb@cs.columbia.edu> writes:
>
>> Why do you say this?  As far as I know, there are no generic attacks 
>> against CFB, and the weakness of DES is (and always has been) against 
>> brute-force key search, which 3DES defends against.
>
>Maybe I'm wrong. If the weakness of CFB lies only in the crypto used,
>then 3DES is a lot better. Also telnet doesn't implement any integrity
>by itself, and CFB doesn't help much either.
>

Lack of integrity-checking in a crypto protocol is indeed serious.  For 
telnet, it's' slightly worse for CFB than for CBC, but both are 
seriously flawed against replay attacks.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb