NSA backdoor risks in Kerberos

Nico Williams nico at cryptonector.com
Wed Apr 2 16:58:51 EDT 2014


On Wed, Apr 2, 2014 at 1:10 AM, Chris Hecker <checker at d6.com> wrote:
> I hope this won't turn into a giant thread, I'm just looking for some
> succinct facts and/or links to thoughtful discussion, I'm not interested
> in a bunch of opinions or a flame war or anything like that, and I don't
> think that'd be appropriate for this list or help anybody.  But here goes:
>
> Has there been a technical writeup of potential backdoor risks in
> Kerberos, similar to the stuff that keeps coming out about various RSA
> products:
>
> http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331

Kerberos doesn't have large-enough nonces for a Dual_EC-style attack.

Kerberos isn't used on a large enough scale to be worth backdooring.
Any backdoor is likely to be found only in implementations, not the
protocol on account of backdooring protocols being a difficult and
risky task.

Nico
--

