open-source cryptocard libraries

Frank Cusack fcusack at fcusack.com
Tue Jan 23 01:20:30 EST 2007 

On January 21, 2007 6:30:09 PM -0500 Ken Hornstein <kenh at cmf.nrl.navy.mil> 
wrote:
>> So, we use Cryptocard here (no secret), and we have two KDCs.  What do
>> we do about it?  Nothing.
>>
>> If I implemented KB-1 cryptocard support with no updates of the seed
>> value, and posted the code, I'd expect someone to publish a
>> timing/replay attack based on talking to the slave KDC(s) within about 6
>> months.
>
> And how would the attacker know what the old cryptocard response is?

By brute forcing the AS_REQ.  If use-sad-as-key is set, game over.
If send-encrypted-sad is set, it's probably better, but presumably
you use hardware preauth to prevent against weak passwords.  But
in the case where a weak password can be guessed, send-encrypted-sad
makes the hardware auth superfluous if it can be replayed.  Both
of these cases are actually noted (to some degree) in the SAM draft.

In the default mode (neither use-sad-as-key nor send-encrypted-sad),
I don't find any problem that would reveal the combination of password
and key, however this does restrict use to SAM methods where the
SAD can be known to the KDC.  (Which does include CRYPTOCard, but
not, e.g., RSA SecurID.)

Also, use-sad-as-key has the best UI -- user has to enter ONLY the
SAD, not in addition to their password.  But of course, and as noted
in the SAM draft (kind of), this only works where the SAD is long and
complex enough to resist a brute force attack for as long as the SAD
is vulnerable to replay.

In any case, my company, TRI-D Systems (www.tri-dsystems.com) solves
this problem with a kdc plugin to talk to our server (otpd) which
then handles all the OTP stuff including global token state mgmt
and safe to use in use-sad-as-key mode.  Thus giving the possibility
to eliminate user passwords altogether but without the difficulty
of a smartcard/PKI deployment.

*AND* probably more usefully, it allows you to use the same OTP
device across multiple authentication technologies.

Except that we don't actually have a kdc plugin available yet.  It
could be written within a week of someone wanting it though.

-frank

More information about the krbdev mailing list