Implications of Debian OpenSSL flaw for MIT PKINIT
rra at stanford.edu
Thu May 15 10:34:45 EDT 2008
I'm chasing the various angles of the OpenSSL vulnerability recently
discovered in Debian that caused it to not properly seed the random number
generator, and I want to double-check my understanding of the implications
for the PKINIT plugin.
My understanding is:
* MIT Kerberos itself does not generate long-term key pairs even when the
PKINIT plugin is used, so any vulnerable long-term key pairs would have
been generated outside of the MIT Kerberos software itself. The PKINIT
plugin only references existing key pairs and isn't responsible for key
* All of the random session key generation inside the PKINIT plugin is
done using the regular MIT Kerberos random key functions, *not* the
OpenSSL random number generator, and hence sessions created via PKINIT
are not subject to this vulnerability.
Based on that understanding, it looks to me like MIT Kerberos is not in
itself affected. Long-term key pairs used with PKINIT may be affected if
generated on an affected Debian system, but such generation is external to
Can you confirm whether my understanding is correct?
(Note that, regardless, the PKINIT plugin was not present in Debian etch,
so any problems would only be in Debian testing and unstable.)
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev