[krbdev.mit.edu #5957] fakeka requires master key be DES

Russ Allbery <rra@stanford.edu> via RT rt-comment at krbdev.mit.edu
Thu May 1 02:18:14 EDT 2008


fakeka initializes the DES random number generator with the key block of
the master key.  This seems a bit questionable, if not obviously broken,
in the first place, but it also retrieves the key with the following code:

    if ((code = kadm5_decrypt_key(handle, &master_princ_rec,
                                  ENCTYPE_DES_CBC_CRC, -1, 0, &mkey, NULL,
                                  NULL))) {
        com_err(argv[0], code, "while decrypting the master key");
        exit(1);
    }

This breaks if K/M has no des-cbc-crc key (such as with a newly built
KDC with a 3DES master key).

I discussed this briefly with Sam on Zephyr and he suggested just
removing the enctype restriction on the key retrieval and passing
whatever you got back into the des random seed function, since any other
key is going to be at least as long as a DES key.

However, more fundamentally, I think this is broken.  Among other
things, the master key basically never changes, thus making it a poor
choice for a random seed.

I expect there's some other function in the Kerberos libraries that
already retrieves some random data from a system service such as
/dev/random.  That should be used here as well.
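
Added example, not part of the original message and not krb5 code: a sketch of the seeding problem the report describes, with a toy non-cryptographic generator (splitmix64) standing in for the DES random number generator. The key bytes, the function names and the choice of /dev/urandom as the system source are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy generator (splitmix64): a non-cryptographic stand-in, not krb5 code. */
typedef struct { uint64_t state; } toy_rng;

/* Seed from the first 8 bytes (DES key size) of whatever block is supplied,
 * so a longer key such as a 24-byte 3DES key also works as input. */
static void toy_seed(toy_rng *r, const unsigned char *blk, size_t len) {
    unsigned char seed[8] = {0};
    memcpy(seed, blk, len < 8 ? len : 8);
    memcpy(&r->state, seed, 8);
}

static uint64_t toy_next(toy_rng *r) {
    uint64_t z = (r->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* First value a freshly started process produces when seeded from blk. */
uint64_t first_output(const unsigned char *blk, size_t len) {
    toy_rng r;
    toy_seed(&r, blk, len);
    return toy_next(&r);
}

/* Fill buf from the OS random device; returns 0 on success, -1 on failure. */
int os_random(unsigned char *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL)
        return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

int main(void) {
    /* Constructed 24-byte value standing in for a long-lived master key. */
    const unsigned char mkey[24] = "constructed-3des-key-24";
    unsigned char seed[8];
    /* Two simulated process starts seeded from the key give the same value. */
    printf("key seed: %016llx\n", (unsigned long long)first_output(mkey, sizeof(mkey)));
    printf("key seed: %016llx\n", (unsigned long long)first_output(mkey, sizeof(mkey)));
    if (os_random(seed, sizeof(seed)) != 0)
        return 1;
    printf("OS seed:  %016llx\n", (unsigned long long)first_output(seed, sizeof(seed)));
    return 0;
}
```

Every start seeded from the unchanging key begins the same output sequence, while each start seeded from the system source begins a different one.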


