Am 06.07.2010, 21:00 Uhr, schrieb Matthew Seaman: > On 06/07/2010 15:14:28, Andrew Reilly wrote: >> So: how should I "fix" this, properly, on my -current system? Is it >> as simple as installing heimdal from ports? I can't remove openssl-1.0: >> that has 191 ports listed in its REQUIRED_BY file. > > Rebuild the port of openssl-1.0.0 after modifying the OPTIONS to include > MD2=on ? Not good given that MD2 is broken. Very broken, not just by a factor of 2^5 or something. Where upon rests the earlier assertion (not by Matthew) that Kerberos V needed MD2 checksums? I can't seem to find that in the KRB5 protocol and checksum RFCs. If it's not mandatory we may want to nuke MD2 from Kerberos to remedy a weakness... Chapter and Verse welcome. Thanks. -- Matthias AndreeReceived on Tue Jul 06 2010 - 20:26:07 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:05 UTC