What happens if key in keytable file is compromised?

Michael B Allen mba2000 at ioplex.com
Wed Nov 1 19:37:33 EST 2006


On Wed, 1 Nov 2006 17:14:17 +0000
"Nali Miah" <nali.miah at googlemail.com> wrote:

> Hi,
> 
> I have a query which I hope someone can enlighten me on.
> 
> As I understand it, a random session key is issued by the KDC when the
> TGS-REQ is sent back to the client and this same session key is also stored
> inside the service ticket. The service ticket is sent to the server where it
> is decrypted using the service principal key found in the key table file on
> the server.
> 
> So, with this in mind, if somebody manages to get a copy of the key in the
> key table file (it's not important how, but imagine if they did), they could
> use this key to decrypt a service ticket as it is transmitted across the
> network inside a gss token inside of which, they will find the session key.
> 
> If they had captured network traffic, now that they have the session key
> which was used for encryption and decryption during the users logon session,
> surely they can read the captured data which was supposed to be
> confidential?

Yes. If an interloper has the Kerberos key they can decrypt tickets.

> Is my understanding above correct, or is the key used by gss_wrap and
> gss_unwrap calculated in some way, so that knowing the session key inside
> the service ticket, the gss wrapped (i.e. encrypted) data cannot be
> decrypted?

Data encrypted with the session key can be decrypted with the session
key. The session key is in the ticket. Therefore if the interloper can
decrypt the ticket they can get the session key and use it to decrypt data
just like a legitimate peer. If the captured traffic does not contain
the ticket supplied by the client during the authentication phase then
the interloper will not have the session key and will not be able to
decrypt any data encrypted with it.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
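The dependency chain Mike describes (keytab key opens the ticket, the ticket yields the session key, the session key opens the wrapped data) and the caveat at the end (no captured ticket, no session key) can be modelled directly. The block below is an added example, not code from the post or from any Kerberos implementation. The cipher is a toy HMAC-SHA256 keystream-plus-MAC construction assumed here purely as a stand-in for a Kerberos encryption type; the real RFC 3961 profiles and the real ticket layout are not reproduced, and the function names (`kdc_issue_ticket`, `client_traffic`, `interloper_recover`) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy authenticated encryption standing in for a Kerberos encryption type.
# Assumption for illustration only: real Kerberos uses RFC 3961 profiles and
# real tickets carry far more than the session key. The dependency chain
# modelled here (keytab key -> ticket -> session key -> wrapped data) is the
# point of the post; the cipher itself is not.
def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def kdc_issue_ticket(service_key):
    """KDC side: pick a random session key and seal it in a ticket under the service key."""
    session_key = secrets.token_bytes(32)
    ticket = encrypt(service_key, session_key)
    return session_key, ticket

def client_traffic(ticket, session_key, messages):
    """What crosses the wire: the ticket (authentication phase), then gss_wrap-style data."""
    capture = [("ticket", ticket)]
    capture += [("wrapped", encrypt(session_key, m)) for m in messages]
    return capture

def interloper_recover(service_key, capture):
    """Return the decrypted application data, or None when the capture cannot be opened."""
    ticket = next((p for kind, p in capture if kind == "ticket"), None)
    if ticket is None:
        return None            # no ticket captured -> session key unknown -> nothing decryptable
    try:
        session_key = decrypt(service_key, ticket)
    except ValueError:
        return None            # not the service's keytab key -> the ticket does not open
    return [decrypt(session_key, p) for kind, p in capture if kind == "wrapped"]

def demo():
    service_key = secrets.token_bytes(32)            # the key sitting in the service's keytab
    session_key, ticket = kdc_issue_ticket(service_key)
    messages = [b"GET /payroll", b"salary=100000"]   # constructed sample application data
    capture = client_traffic(ticket, session_key, messages)
    return {
        "with_keytab_and_ticket": interloper_recover(service_key, capture),
        "without_auth_phase": interloper_recover(service_key, capture[1:]),
        "with_wrong_key": interloper_recover(secrets.token_bytes(32), capture),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

Only the first scenario recovers the plaintext: the interloper holds the keytab key and the capture includes the authentication phase. Dropping the ticket from the capture (the attacker started sniffing after AP-REQ) or holding some other key leaves the wrapped data unreadable, which is exactly the distinction the reply draws.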
