The Sun security option  in their NFS is built into the basic Sun Remote Procedure Call (RPC) and provides authentication of both users and machines using a combination of the Needham-Schroeder  protocol which uses DES, and a public key cryptosystem that is a modification of the Diffie-Hellman key exchange system . It has long been known that the Sun system is not very secure. There are problems with the Needham-Schroeder protocol , which make it possible to defeat the timestamp system. Furthermore, the ``yellow pages'' that contain the public authentication information are not authenticated, so one can attack the security of the system by installing a bogus file. However, so far it appears that nobody has pointed out that the public key subsystem that is used by Sun is very weak. This fact makes it possible to impersonate any user with very little effort and leaving few traces.
In the Sun system, there is a prime p and an integer g that are the same for all users on all machines around the world that use this software. Each user or machine has a secret key m, and is public. Authentication involves proving that one possesses the key m. For details see .
Both the paper  and the comments in the software refer to pas a 128-bit prime. Actually, though,
|p = 5213619424271520371687014113170182341777563603680354416779||(3)|
To break the Sun system and impersonate a user with public key x, it
is only necessary to find one of the two values of m,
0 < m < p-2,