[krbdev.mit.edu #7191] KDC should use encrypted-timestamp key for reply key
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Jul 2 13:12:57 EDT 2012

After successfully processing a PA-ENC-TIMESTAMP entry in an AS request,
Heimdal's KDC uses the matching key as the reply key. We should do the
same thing, for three reasons:

1. We have immediate proof that the client possesses this particular
   key. It might not have the other keys (in a keytab request situation).
2. This would prevent an enctype downgrade attack against a request
   using PA-ENC-TIMESTAMP.
3. Doing this prevents the client from using knowledge of one key to
   leverage a known plaintext for another key. (Not a very interesting
   attack, but worth noting.)

Likewise for encrypted challenge, although of course in that case the
reply key will be strengthened.
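
The following is an added illustration, not part of the original message and not MIT krb5 or Heimdal source. It models reasons 1 and 2 by comparing a reply key chosen from the request's cleartext etype list with the key that validated the encrypted timestamp. All function names, the key table and the "secret" values are constructed assumptions, and no real cryptography is performed.

```c
/* Simplified model of AS reply-key selection. Not MIT krb5 or Heimdal code;
 * every name here is hypothetical and no real cryptography is performed. */
#include <stddef.h>
#include <stdio.h>

enum { DES_CBC_CRC = 1, AES256_CTS = 18, RC4_HMAC = 23 };  /* assigned enctype numbers */

struct key    { int enctype; unsigned secret; };       /* secret stands in for key bytes */
struct enc_ts { int enctype; unsigned sealed_with; };  /* stands in for PA-ENC-TIMESTAMP */
struct as_req { const int *etypes; size_t n_etypes; struct enc_ts pa; };

/* Constructed sample: the principal's long-term keys in the KDC database. */
static const struct key DB[] = { {AES256_CTS, 0xA256u}, {RC4_HMAC, 0x0C40u}, {DES_CBC_CRC, 0x0DE5u} };
#define NDB (sizeof DB / sizeof DB[0])

/* Key that "decrypts" the timestamp, i.e. the key the client proved it holds. */
static const struct key *preauth_key(const struct as_req *r)
{
    for (size_t i = 0; i < NDB; i++)
        if (r->pa.enctype == DB[i].enctype && r->pa.sealed_with == DB[i].secret)
            return &DB[i];
    return NULL;
}

/* Selection driven by the cleartext etype list: first listed enctype with a DB key. */
static const struct key *etype_list_key(const struct as_req *r)
{
    for (size_t e = 0; e < r->n_etypes; e++)
        for (size_t i = 0; i < NDB; i++)
            if (DB[i].enctype == r->etypes[e])
                return &DB[i];
    return NULL;
}

/* Reply enctype for a request whose timestamp was sealed with DB[sealed]. */
int reply_etype(const int *etypes, size_t n, size_t sealed, int use_preauth_key)
{
    struct as_req r = { etypes, n, { DB[sealed].enctype, DB[sealed].secret } };
    const struct key *k;
    if (preauth_key(&r) == NULL) return -1;            /* preauth failed: no reply */
    k = use_preauth_key ? preauth_key(&r) : etype_list_key(&r);
    return k ? k->enctype : -1;
}

int main(void)
{
    const int tampered[] = { DES_CBC_CRC };            /* list rewritten in transit */
    const int keytab[]   = { AES256_CTS, RC4_HMAC };   /* client holds only the RC4 key */
    printf("tampered list: %d vs %d\n", reply_etype(tampered, 1, 0, 0), reply_etype(tampered, 1, 0, 1));
    printf("keytab client: %d vs %d\n", reply_etype(keytab, 2, 1, 0), reply_etype(keytab, 2, 1, 1));
    return 0;
}
```

In the first case the list-driven choice follows the altered etype list while the preauth-bound choice stays on the key the client actually used; in the second, only the preauth-bound choice yields a reply the keytab client can decrypt.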