What is the purpose of the system clock!
Ken Raeburn
raeburn at MIT.EDU
Tue Dec 23 13:48:56 EST 2003
On Tuesday, Dec 23, 2003, at 13:23 US/Eastern, todhunter5 wrote:
> Does Kerberos use the system clock in any way to arrive at the random
> key to
> see the token?
>
In one or two places I think the MIT code still uses the clock to
perturb the random pool a bit, but the seed from /dev/random or
/dev/urandom is the real source of randomness. So, yes, technically
it's used in our implementation (Microsoft and Heimdal may behave
differently), but it has nothing to do with synchronization, and if
you're looking for a weakness, you should be looking at how
/dev/*random is or is not used, not the fact that we add in additional
sources with low randomness.
The system clock is probably also used in the generation of /dev/random
data, for example, in the timing interval between receiving packets off
the network, stuff like that.
Ken
More information about the Kerberos
mailing list