KDC replay cache unnecessary?

Frank Cusack fcusack at fcusack.com
Thu Mar 13 21:52:26 EST 2003

Apologies if you get this message multiple times, I tried sending to
heimdal but it doesn't seem to be getting through.  Adding krbdev as
it's generally applicable.

[I assert that ...]
Applications that use encryption with the shared session key do not need
a replay cache.

- An attacker replaying an authenticator will not be able to communicate
  with the service, so
- an attacker that /can/ communicate with the service must have the session
  key; an attacker with the session key has no need to replay authenticators.

Since replies from the TGS are encrypted with the session key, in order
to get any benefit from a replayed authenticator, the attacker must
break the session key.

Therefore isn't the KDC replay cache unnecessary?

This is an important question, because, AFAIK, multiple KDCs do not keep
their replay caches in sync (referring to unix implementations only).
If the replay cache is actually necessary, this is a major problem.

I've seen some notes about replay cache issues (in general) in heimdal,
can someone clarify the current state of affairs?

On Thu, Aug 22, 2002 at 04:21:25PM +0200, Daniel Kouril wrote:
> On Thu, Aug 22, 2002 at 10:12:28AM -0400, Ken Hornstein wrote:
> > 
> > I sure hope your Kerberos implementation includes a replay cache
> To quote from Heimdal's TODO:
> "the replay cache is, in its current state, not very useful"


More information about the krbdev mailing list