open-source cryptocard libraries
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Jan 23 14:21:27 EST 2007
>> Hm. My big issue with use-sad-as-key is that none of the tokens I have
>> seen have enough entropy where I would be comfortable using them as the
>> only source of keying material (e.g., the CRYPTOCard only gets you 32
>> bits best-case). Do you guys have a solution to that? If so, that
>> would be pretty cool.
>
>We use HOTP which gives the full range (ie 5 digits = 40 bits), I think.
>Please correct me if my thinking is flawed here.
>
>Please educate me why this is important? use-sad-as-key doesn't
>establish the session key does it? Or are you worried about online
>guessing attack.

Well, use-sad-as-key doesn't establish the session key _directly_. But
it means that only the SAD is used to encrypt the AS_REP which contains
the TGT session key. That means that no matter what keytype you have
for a session key, it's encrypted by a key that has only (in your case)
40 bits of entropy. That's a bit low for my tastes, but it all depends
on your environment and comfort level. If, for example, snooping the
AS isn't a huge concern for you, then it's not a big deal.

Hrm, are you sure about that entropy number? I took a look at RFC
4226, and it's talking about decimal digits. My math shows around 13.3
bits of entropy for 5 decimal digits. 5 hex digits would be 20 bits of
entropy (4 bits for each hex digit).
--Ken
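To make the entropy argument in this thread concrete, here is an added example (not code from the thread or from any Kerberos implementation): an RFC 4226 HOTP generator, using the RFC's own Appendix D test secret, together with a helper that gives the size of the code space for d digits in a given base, which is what bounds the keying material when the one-time code is the only secret protecting the AS_REP.

```python
import hashlib
import hmac
import math
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamic truncation to a 31-bit integer, then reduction mod 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte
    snum = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(snum % (10 ** digits)).zfill(digits)


def code_space_size(digits: int, base: int = 10) -> int:
    """Number of distinct codes of `digits` symbols from a `base`-symbol alphabet."""
    return base ** digits


def code_space_bits(digits: int, base: int = 10) -> float:
    """Bits of entropy in a uniformly random code of `digits` symbols drawn
    from a `base`-symbol alphabet: log2(base ** digits) = digits * log2(base).
    This is an upper bound; the attacker never needs more than this many
    guesses' worth of work against a key derived from the code alone."""
    return digits * math.log2(base)


# Test secret from RFC 4226 Appendix D (ASCII "12345678901234567890").
RFC4226_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for c in range(3):
        print(f"counter {c}: 6-digit {hotp(RFC4226_SECRET, c, 6)}, "
              f"5-digit {hotp(RFC4226_SECRET, c, 5)}")
    for d, b in ((4, 10), (5, 10), (6, 10), (5, 16), (8, 16)):
        print(f"{d} digits, base {b}: {code_space_size(d, b)} codes, "
              f"{code_space_bits(d, b):.1f} bits")
```

The 6-digit values for counters 0..9 match the RFC 4226 Appendix D vectors; the 5-digit variant is simply the same truncated value reduced mod 10^5.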