Proposed modifications to replay cache to prevent false positives

Ken Raeburn raeburn at MIT.EDU
Thu Jun 2 14:57:33 EDT 2005

On Jun 2, 2005, at 14:52, I wrote:
> On Jun 2, 2005, at 11:21, Roland Dowdeswell wrote:
>> 	2.  the hash should be performed on the authenticator prior
>> 	    to decryption so that the ticket used is implicitly
>> 	    part of the hashed data (since it's session key should
>> 	    be different than any other session key) and the
>> 	    authenticator's IV should eliminate the chance of
>> 	    false positives using the same ticket.
> The session key is [...blah blah blah]

Sorry, I misread your statement the first time.  Yes, I agree with 
it... though I'd clarify it as using the ciphertext of the 
authenticator -- if we can't successfully decrypt the authenticator, we 
probably shouldn't bother with the replay cache bits.  (I.e., "prior 
to" means which version, not necessarily the order of operations.)


More information about the krbdev mailing list