READ THIS ENTIRE FILE BEFORE PROCEEDING!

This distribution contains a "diff" file suitable for using with the "patch" program to update your Kerberos (version 4) source tree. The gist of the patch is to replace calls to des_random_key() with calls to des_new_random_key(). The primary difference is that des_random_key() uses a seeding technique which is predictable and therefore vulnerable. des_new_random_key() uses a feedback mechanism based on the Data Encryption Standard (DES) and is seeded with a secret (and therefore unknown to an attacker) value. This value is the database master key, which is a convenient secret value.

This patch assumes that you have the new_rnd_key.c key module (which contains the definition and code for des_new_random_key()). It has been part of the standard Version 4 distribution since 1992 and is used in the admin server (our primary error at MIT was not upgrading all of Kerberos to use this newer generator. This patch finishes the job).

In addition to the patch file for the Kerberos distribution, this distribution also contains a program for changing critical system keys (namely the "krbtgt" and "changepw.kerberos" keys). When you originally built your Kerberos database, these keys were chosen at random, using the vulnerable version of the Kerberos random number generator. Therefore it is possible for an attacker to mount an attack to guess these values. If an attacker can determine the key for the "krbtgt" ticket, they can construct tickets claiming to be any Kerberos principal. Similarly, if an attacker can obtain the "changepw.kerberos" key, they can change anyone's password.

The enclosed "fix_kdb_keys.c" program (part of the patch file), which you run on the KDC server, will change these critical keys to new values using the newer random number generator.

IMPORTANT: When you run fix_kdb_keys, all outstanding ticket granting tickets will immediately become invalid. This will be disruptive to your user community. We recommend that you either do this late at night or early in the morning before most users have logged in. Alternatively, pre-announce a definitive time when you will run the program and inform your users that they will have to get new tickets at that time (using either "kinit" or simply by logging out and then in again).

NOTE: The only client program modified is "ksrvutil", which is used to generate new server keys. All other client/server programs are unaffected. End users do *not* need to obtain new versions of programs that use Kerberos. This is because most random number generation in the Kerberos system is done on the KDC system. By fixing kerberos.c you have repaired most of the damage.

To install this patch, copy patch_krb to the toplevel of your Kerberos source tree. Then type:

    patch -p0
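The difference between the two generators described at the top of this file can be seen in a small model. This is an added example, not code from the Kerberos distribution: the seed inputs (clock time and process id), the names weak_random_key, FeedbackKeyGenerator and candidate_keys, and the use of HMAC-SHA256 in place of DES are all assumptions made for illustration.

```python
import hashlib
import hmac
import random


def fix_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE                      # clear the parity bit
        if bin(b).count("1") % 2 == 0:
            b |= 1                     # set it when the other 7 bits are even
        out.append(b)
    return bytes(out)


def weak_random_key(now: int, pid: int) -> bytes:
    """Predictable style: the key is fully determined by guessable values.
    (time ^ pid is an assumed seed, chosen only to model the problem.)"""
    rng = random.Random(now ^ pid)
    return fix_parity(bytes(rng.randrange(256) for _ in range(8)))


class FeedbackKeyGenerator:
    """Secret-seeded style: key_n = PRF(secret, counter_n).
    HMAC-SHA256 stands in for the DES-based feedback the README describes."""

    def __init__(self, secret: bytes, start: int = 0):
        self._secret = secret
        self._counter = start

    def new_random_key(self) -> bytes:
        block = self._counter.to_bytes(8, "big")
        self._counter += 1             # never reuse a counter value
        digest = hmac.new(self._secret, block, hashlib.sha256).digest()
        return fix_parity(digest[:8])


def candidate_keys(t_start: int, t_end: int, max_pid: int) -> set:
    """All keys the weak generator can emit in a known time window.
    The size of this set is the real strength of such a key."""
    return {weak_random_key(t, p)
            for t in range(t_start, t_end)
            for p in range(1, max_pid)}
```

With a one-minute window and a few hundred process ids, the weak generator's output is confined to tens of thousands of candidates rather than the 2^56 values a DES key can take, which is why keys created that way have to be replaced and not merely left in place after patching.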