RT/krbdev.mit.edu: Ticket #5957 fakeka requires master key be DES

RT/krbdev.mit.edu: Ticket #5957 fakeka requires master key be DES

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
5957

Status
new

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-kdc
Version_reported	1.6.3
Version_Fixed
Target_Version
Tags

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

Dates

Created:	Thu May 1 02:18:11 2008
Starts:	Not set
Started:	Not set
Last Contact:	Not set
Due:	Not set
Updated:	Thu May 1 02:18:14 2008 by rra

People

Owner
Nobody
Requestors
Russ Allbery <rra@stanford.edu>
Cc

AdminCc

More about Russ Allbery

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

4114: no mechanism for timing out DNS lookups (new)
5126: krb5_verify_init_creds behaves badly with a ticket cache (new)
5583: support include in the profile library (new)
5955: krb5kdc and kadmind could drop privileges after binding (new)
5957: fakeka requires master key be DES (new)
5958: kadmin enctype naming for DES is deceptive (new)
5959: Missing fakeka documentation (new)
6343: klist should mark expired tickets (new)
6344: kadmind support for binding to specific local IPs (new)
6345: no kdb5_util stash equivalent with LDAP database (new)
6346: domain_realm docs need update for referrals (new)
6347: kadmin -keepold documented as not supported for LDAP but appears to work (new)

History

Display mode: [Brief headers] [Full headers]

Thu May 1 02:18:12 2008

rra - Ticket created

Subject: fakeka requires master key be DES

fakeka initializes the DES random number generator with the key block of
the master key.  This seems a bit questionable, if not obviously broken,
in the first place, but it also retrieves the key with the following code:

    if ((code = kadm5_decrypt_key(handle, &master_princ_rec,
                                  ENCTYPE_DES_CBC_CRC, -1, 0, &mkey, NULL,
                                  NULL))) {
        com_err(argv[0], code, "while decrypting the master key");
        exit(1);
    }

This breaks if K/M has no des-cbc-crc key (such as with a newly built
KDC with a 3DES master key).

I discussed this briefly with Sam on Zephyr and he suggested just
removing the enctype restriction on the key retrieval and passing
whatever you got back into the des random seed function, since any other
key is going to be at least as long as a DES key.

However, more fundamentally, I think this is broken.  Among other
things, the master key basically never changes, thus making it a poor
choice for a random seed.

I expect there's some other function in the Kerberos libraries that
already retrieves some random data from a system service such as
/dev/random.  That should be used here as well.

Download (untitled) 1.1k