blob: ec5ce0087cc1987d7f1b0dad37ff0b4a0d092e01 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
-*- text -*-
* unix_time.c also exists in ../krb4, and they're different; both
should probably call into the krb5 support anyways to avoid
duplicating code.
* namespace intrusions
* Check include/kerberosIV/des.h and see if all the prototyped
functions really are necessary to retain; if not, delete some of
these source files.
* Much of this code requires that DES_INT32 be *exactly* 32 bits, and
4 bytes.
* Array types are used in function call signatures, which is unclean.
It makes trying to add "const" qualifications in the right places
really, um, interesting. But we're probably stuck with them.
* quad_cksum is totally broken. I have no idea whether the author
actually believed it implemented the documented algorithm, but I'm
certain it doesn't. The only question is, is it still reasonably
secure, when the plaintext and checksum are visible to an attacker
as in the mk_safe message?
* des_read_password and des_read_pw_string are not thread-safe. Also,
they should be calling into the k5crypto library instead of
duplicating functionality.
|
