Armor key negotiation in FAST Simon.Jansen at
Mon Oct 29 04:26:59 EDT 2012

Hi Greg,

thank you for your explanation. 
I was missing that the host key is much more strong and as a result not as vulnerable to dictionary attacks than user passwords.

So if I put everything together that I read so far the tunnel is established as follows with a host TGT.
1. Obtain a TGT (called armor TGT) for the host principal without FAST armoring but with pre-authentication (encrypted timestamp)
2. Extract the session key and the subkey from the armor TGT and build the armor key with the KRB-FX-CF2 function
3. Use the built armor key for encrypting the AS conversation of the user principal and for ensuring the integrity

Referring to the RFC standard on page 27 the KrbFastArmoredReq includes an armor field of the type KrbFastArmor that identifies the armor key. Does this field include the information which host principal was used to build the armor key or how does the KDC know which TGT was used for armoring the request?


More information about the Kerberos mailing list