review of Projects/replay_cache_collision_avoidance, ending Jan. 12

Greg Hudson ghudson at MIT.EDU
Sun Dec 28 19:59:09 EST 2008

I have two comments:

1. I don't see why it is necessary to store and compare the full
authenticator text.  The consequences of a false hash collision are a
false replay denial; but the odds of this happening by accident are
vanishingly low, even if the hash function is insecure.  (And if it
happens on purpose, we don't care.)

2 If we are storing the full authenticator text, I'm not sure that it
will save any time to also store a hash.  Comparing two different
authenticators should be fast because we can stop as soon as we hit the
first byte which differs.  Also, the time spent reading the record will
be comparable to the time spent comparing it.

More information about the krbdev mailing list