What happens if key in keytable file is compromised?

Ken Raeburn raeburn at MIT.EDU
Wed Nov 1 20:08:54 EST 2006


On Nov 1, 2006, at 12:14, Nali Miah wrote:
> So, with this in mind, if somebody manages to get a copy of the key in the
> key table file (it's not important how, but imagine if they did), they could
> use this key to decrypt a service ticket as it is transmitted across the
> network inside a gss token inside of which, they will find the session key.
>
> If they had captured network traffic, now that they have the session key
> which was used for encryption and decryption during the user's logon session,
> surely they can read the captured data which was supposed to be
> confidential?

The basic GSSAPI protocol doesn't do a DH exchange or any other sort
of perfect forward secrecy protection, so yes, previously recorded
data could be revealed if the attacker got the service key.  Some
protocols may use GSSAPI or Kerberos inside a stream protected by
SSL/TLS, though, and there's been discussion of adding some sort of PFS
to Kerberos.

It's also possible for an attacker with the service key to print up  
service tickets "proving" them to be anyone they want, including some  
user whose account is to be attacked, or even an administrator, so  
depending on the service, they may be able to look at other private  
data that wasn't recently sent over the wire, etc.

Ken
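
Added example, not part of the message above and not code from any Kerberos implementation: a toy Python model of the forward-secrecy point, contrasting a session key carried in a ticket sealed under the long-term service key with a hypothetical ephemeral-DH variant. The toy cipher, the small DH group and every function name are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy DH group (constructed; far too small for real use)

def seal(key, data):
    """Toy authenticated encryption: SHAKE-256 keystream plus HMAC tag."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    body = nonce + bytes(a ^ b for a, b in zip(data, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob altered."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def session_key_transport(service_key, data):
    """Kerberos-style: the session key travels in a ticket sealed with the service key."""
    session_key = secrets.token_bytes(32)
    return {"ticket": seal(service_key, session_key), "data": seal(session_key, data)}

def session_with_dh(service_key, data):
    """Hypothetical PFS variant: the service key only authenticates an ephemeral DH."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    ga, gb = pow(G, a, P), pow(G, b, P)
    session_key = hashlib.sha256(pow(gb, a, P).to_bytes(16, "big")).digest()
    auth = hmac.new(service_key, f"{ga}:{gb}".encode(), hashlib.sha256).digest()
    return {"ga": ga, "gb": gb, "auth": auth, "data": seal(session_key, data)}  # a, b discarded

def read_recording(recording, leaked_service_key):
    """What a service key leaked later reveals about an already recorded session."""
    candidates = [leaked_service_key]
    if "ticket" in recording:
        candidates.append(unseal(leaked_service_key, recording["ticket"]))
    for k in candidates:
        plain = unseal(k, recording["data"]) if k else None
        if plain is not None:
            return plain
    return None
```

In the first recording the session key is recoverable from the ticket once the service key leaks; in the second the recording holds only public DH values and a MAC, so the service key alone does not yield the session key.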




