15 Jun
2015
15 Jun
'15
10:36 a.m.
On Sun, Jun 14, 2015 at 10:19 PM, brendan kearney <bpk678@gmail.com> wrote:
Well, keytab contains the key[s] (which may have been derived from user's secret) so AFAI understand they are password equivalent.
Regards, Isaac B.
agreed, hence my "less insecure" notion, but those Risk Management types can check their check box about passwords not being stored in the clear on the file system.
To be more accurate it might depend on the key type. Generally RC4 keys are unsalted hash of the password (specifically nt-hash, see RFC 4757). Perhaps salted keys could be considered somewhat better.