Kerberos 4 keys not so random?

[23 February 1996] Researchers at Purdue's COAST laboratory uncovered a significant weakness in the Kerberos Version 4 key server, according to reports circulated on 16 February. CERT advisory CA-96.03, distributed 21 February, confirmed the problem, which concerns only key distribution centers, not clients or servers, and provided patch information. According to the COAST announcement, Steve Lodin and Bryn Dole, graduate students working with Prof. Gene Spafford,
discovered a method whereby someone without privileged access to most implementations of a Kerberos 4 server can nonetheless break secret session keys issued to users. This means that it is possible to gain unauthorized access to distributed services available to a user without knowing that user's password. This method has been demonstrated to work in under 5 minutes, on average, using a typical workstation, and sometimes as quickly as 12 seconds.
The researchers also found that Kerberos Version 5 exhibited a
small, theoretical weakness in Kerberos version 5 that would allow similar access, given some additional information and considerable preliminary computation. Kerberos version 5 does not exhibit the same weakness as described above for Kerberos version 4.
Later reports gave the following timings for cracking session keys:
SPARC 5: average time to crack session key = 26.2 seconds (std dev 14.7 over 223 trials); longest = 48.7 seconds; shortest = .3 seconds.
DEC Alpha: average time = 5.8 seconds with std dev of 3.3; longest = 10.9 seconds; shortest = .2 seconds.