Implications of Debian OpenSSL flaw for MIT PKINIT

Russ Allbery rra at
Thu May 15 10:34:45 EDT 2008

I'm chasing the various angles of the OpenSSL vulnerability recently
discovered in Debian that caused it to not properly seed the random number
generator, and I want to double-check my understanding of the implications
for the PKINIT plugin.

My understanding is:

* MIT Kerberos itself does not generate long-term key pairs even when the
  PKINIT plugin is used, so any vulnerable long-term key pairs would have
  been generated outside of the MIT Kerberos software itself.  The PKINIT
  plugin only references existing key pairs and isn't responsible for key

* All of the random session key generation inside the PKINIT plugin is
  done using the regular MIT Kerberos random key functions, *not* the
  OpenSSL random number generator, and hence sessions created via PKINIT
  are not subject to this vulnerability.

Based on that understanding, it looks to me like MIT Kerberos is not in
itself affected.  Long-term key pairs used with PKINIT may be affected if
generated on an affected Debian system, but such generation is external to
MIT Kerberos.

Can you confirm whether my understanding is correct?


(Note that, regardless, the PKINIT plugin was not present in Debian etch,
so any problems would only be in Debian testing and unstable.)

Russ Allbery (rra at             <>

More information about the krbdev mailing list