Proposed modifications to replay cache to prevent false positives
Ken Raeburn
raeburn at MIT.EDU
Thu Jun 2 14:57:33 EDT 2005
On Jun 2, 2005, at 14:52, I wrote:
> On Jun 2, 2005, at 11:21, Roland Dowdeswell wrote:
>> 2. the hash should be performed on the authenticator prior
>> to decryption so that the ticket used is implicitly
>> part of the hashed data (since it's session key should
>> be different than any other session key) and the
>> authenticator's IV should eliminate the chance of
>> false positives using the same ticket.
>
> The session key is [...blah blah blah]
Sorry, I misread your statement the first time. Yes, I agree with
it... though I'd clarify it as using the ciphertext of the
authenticator -- if we can't successfully decrypt the authenticator, we
probably shouldn't bother with the replay cache bits. (I.e., "prior
to" means which version, not necessarily the order of operations.)
Ken
More information about the krbdev
mailing list