RT/krbdev.mit.edu: Ticket #7191 KDC should use encrypted-timestamp key for reply key

The Basics
Id: 7191
Status: new
Worked: 0 min
Priority: 0/0
Queue: krb5
 

 Dates  
Created: Mon Jul 2 13:12:56 2012
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Not set
Updated: Mon Jul 2 13:12:57 2012 by ghudson
 

People
Owner: Nobody
Requestors: ghudson@mit.edu
 

History
      Mon Jul  2 13:12:56 2012  ghudson - Ticket created    
     
Subject: KDC should use encrypted-timestamp key for reply key

After successfully processing a PA-ENC-TIMESTAMP entry in an AS request,
Heimdal's KDC uses the matching key as the reply key.  We should do the
same thing, for three reasons:

1. We have immediate proof that the client possesses this particular
key.  It might not have the other keys (in a keytab request situation).

2. This would prevent an enctype downgrade attack against a request
using PA-ENC-TIMESTAMP.

3. Doing this prevents the client from using knowledge of one key to
leverage a known plaintext for another key.  (Not a very interesting
attack, but worth noting.)

Likewise for encrypted challenge, although of course in that case the
reply key will be strengthened.
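
The reply-key choice the ticket describes, as an added model that is not part of the ticket and is not MIT krb5 or Heimdal code. HMAC stands in for real Kerberos encryption of the timestamp, and the keys, timestamp, function names and the "first enctype in the request list" policy are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed principal database: enctype number -> long-term key (sample bytes).
CLIENT_KEYS = {18: b"A" * 32,   # aes256-cts-hmac-sha1-96
               23: b"R" * 16}   # rc4-hmac

def make_pa_enc_timestamp(key, timestamp):
    """Client side. HMAC is a stand-in for encrypting the timestamp."""
    return hmac.new(key, timestamp.encode(), hashlib.sha256).digest()

def verify_pa_enc_timestamp(pa_data, timestamp, keys):
    """KDC side: return the enctype whose key validates the padata, or None."""
    for etype, key in keys.items():
        expected = make_pa_enc_timestamp(key, timestamp)
        if hmac.compare_digest(expected, pa_data):
            return etype
    return None

def reply_key_by_etype_list(req_etypes, keys):
    """Assumed policy A: first enctype in the unauthenticated request list."""
    for etype in req_etypes:
        if etype in keys:
            return etype
    return None

def reply_key_bound_to_preauth(pa_data, timestamp, keys):
    """Policy B (the ticket's proposal): reuse the key that verified."""
    return verify_pa_enc_timestamp(pa_data, timestamp, keys)

def simulate(req_etypes, client_etype, client_keys=CLIENT_KEYS):
    """Return (policy A enctype, policy B enctype) for one AS request."""
    ts = "20120702131256Z"  # constructed timestamp
    pa = make_pa_enc_timestamp(client_keys[client_etype], ts)
    return (reply_key_by_etype_list(req_etypes, CLIENT_KEYS),
            reply_key_bound_to_preauth(pa, ts, CLIENT_KEYS))

if __name__ == "__main__":
    print(simulate([18, 23], 18))   # request list as the client sent it
    print(simulate([23, 18], 18))   # request list altered before the KDC saw it
    # Keytab client that holds only the enctype 23 key (reason 1 in the ticket)
    print(simulate([18, 23], 23, {23: CLIENT_KEYS[23]}))
```

In the second and third cases policy A selects a key the client never proved it holds, while policy B stays on the key that validated the pre-authentication data.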

