Challenging clients, why another ping-pong?
Rick van Rein
rick at openfortress.nl
Mon Feb 3 09:41:35 EST 2014
Hello,
GSSAPI-based protocols have an option of challenging a client with a counter value. This is done after the client submits a ticket.
Looking at SPNEGO (and probably other protocols as well) I see that the server can take the initiative for an GSSAPI exchange, and when doing so, it could already challenge the client.
The way I see it, asking a client to decrypt *anything* is possible, as long as the result is unpredictable to the client of course. For instance, a random byte series could be created by the server and sent to the client for decryption. Whatever the block cipher makes of that, is the proper answer; the server can make the same computation when it receives the ticket (with the session key) and the response to the challenge (decrypted with the session key).
This would save a back-and-forth hop. Why is this not done? Are there cryptographic reasons that I am missing?
Thanks,
-Rick
More information about the Kerberos
mailing list