Question about cryptographic protection of message fields
Fernando Pereñíguez Garcia
pereniguez at um.es
Mon Feb 15 08:51:55 EST 2010
Hi all,
Looking into the Kerberos specification and the MIT implementation, I've found that not all the fields defined in the Kerberos messages are cryptographically protected. For example, in the KDC-REQ/KDC-REP, the padata field is sent in the clear and (at least) is not integrity protected. Therefore, an attacker can change the information contained in any of these fields and the client is not able to detect this attack. For this reason, I was wondering if my conclusions are right.
Thanks in advance,
Fernando.
---
------------------------------------------------------
Fernando Pereñíguez García
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science
University of Murcia
30100 Murcia - Spain
Phone: +34 868 887882
E-mail: pereniguez at um.es
------------------------------------------------------