MIT Kerberos KDC crypto tasks offloaded to HSM

Ken Raeburn raeburn at MIT.EDU
Thu May 15 20:44:11 EDT 2008

On May 15, 2008, at 18:36, Chris Glidden wrote:
> Is there a public location where I might be able to view a Kerberos  
> roadmap?

Hmm... at there  
are some slides from presentations given at the last Kerberos  
Consortium board meeting; it looks like no post-meeting report has  
been posted though.  Based on feedback from some of the Consortium  
sponsors, we've been re-evaluating some of our plans.

> I am curious if there has ever been any thought directed to securing  
> the KDC
> master/root key with a Hardware Security Module.

Are you thinking of something along the lines of the secure  
coprocessor KDC integration project done by Naomaru Itoi at UMich  
several years back? (

In this project, most of the core security work of the KDC was moved  
into a tamper-resistant coprocessor card.  In order to protect not  
just the KDC master key, but also the long-lived secret keys of users  
and services, the manipulation of various Kerberos messages, including  
such things as decoding and encoding some ASN.1 types, was pushed into  
the coprocessor, while such things as database access (with entries  
partially encrypted when outside the coprocessor card) and network  
access were left outside.  And even for systems without such  
coprocessors, the separation of functionality might be beneficial  

The idea comes up now and then, but usually not with enough interest  
overall for it to become a priority for us.  Of course, the more  
demand there is for it, the more that can change...

Ken Raeburn, Senior Programmer
MIT Kerberos Consortium

More information about the krbdev mailing list