need project review

Will Fiveash William.Fiveash at sun.com
Mon Apr 7 20:09:35 EDT 2008 

On Mon, Apr 07, 2008 at 08:50:13PM +0100, Tim Alsop wrote:
> Nico,
> 
> The point I am trying to make is if you use a stash file you only need
> to keep the LATEST master key, but if you use a keytab (as somebody
> suggested in an earlier email) you would store the latest, as well as
> all previous master keys. Our product stores all master keys in the DB
> and encrypts them all with the latest master key, so we have some added
> protection of the master keys. As you know, keys in a keytab file are
> not encrypted so the keytab could be stolen to obtain the actual master
> keys. Yes, the stash file could also be stolen, but at least it would
> only contain the later master key, and not all of them.

As others have said, if one has the latest mkey, whether it's in a stash
file or in a keytab, and the KDB they've got it all.  So I don't believe
security is a new issue with my design.

Note that in the Desired changes section of the project it is stated:

    The point of this small project is to change the format of the
    master key stash file to that of a keytab type file. This will allow
    the master key's KVNO to be stored along with its enctype and key
    data which in turn will enable an efficient implementation of master
    key updating.

So the point is to store an mkey with the associated KNVO (this will
come in handy in a follow on project to support updating the master key
and migrating KDB entries).  That > 1 mkey can be stored in a keytab is
a secondary point however I'm wondering if this feature could be put to
good use in regards to dealing with a corrupted K/M princ, perhaps
allowing reconstruction of the princ using the keys in the keytab.
Other than that I'm not sure what purpose keeping the older mkeys in the
keytab would serve.

> If somebody is very concerned about master key protection they can chose
> not to use any stash file, and they will be prompted for a password
> during daemon start-up - the password will be used to derive the latest
> master key, and this will be used to get access to older master keys if
> needed.

True and the MIT KDC daemons currently support this.

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/

More information about the krbdev mailing list