Proposed modifications to replay cache to prevent false positives
hartmans at MIT.EDU
Thu Jun 2 13:33:16 EDT 2005
>>>>> "Roland" == Roland Dowdeswell <elric at imrryr.org> writes:
Roland> 2. the hash should be performed on the authenticator
Roland> prior to decryption so that the ticket used is implicitly
Roland> part of the hashed data (since it's session key should be
Roland> different than any other session key) and the
Roland> authenticator's IV should eliminate the chance of false
Roland> positives using the same ticket.
I'm not at all sure about this. You need to make sure that there
aren't changes to the ciphertext (for example padding, changing ASN.1
wrappers) that can cause the hash to change but not change the
underlying semantic content.
More information about the krbdev