Replay cache extension design issue

Greg Hudson ghudson at MIT.EDU
Tue Jan 13 12:20:38 EST 2009

On Tue, 2009-01-13 at 11:58 -0500, ghudson at MIT.EDU wrote:
> My first idea for a band-aid is to make the extension records include
> the client and server principal strings, so that they stand alone
> (superseding, rather than augmenting, the old-style records which are
> also written out).  Of course, that requires cramming the client
> principal string, server principal string, and hash string into the
> server principal field of a record.  Maybe someone else has a more
> elegant idea.

Tom had the interesting idea of writing out triplets:

  extension record containing hash
  old-style record
  extension record containing hash

That's resistant to precise reversal (which is what our code does),
though not to arbitrary reordering.
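A toy model of the layout argument above, added here as an illustration rather than krb5's own rcache code: the two record shapes, the reader's "take the hash from the record immediately before" rule and the sample principals are all constructed assumptions.

```python
"""Toy model of extension/old-style record layouts in a replay cache file.

Constructed illustration, not krb5's rc_dfl code: it shows why the
ext/old/ext triplet survives exact reversal of the file but not
arbitrary reordering, under a simple "hash precedes record" reader rule.
"""
from typing import Callable, List, Optional, Set, Tuple

# A record is (kind, payload): "old" carries (client, server) like the
# legacy format; "ext" carries only the hash string.
Record = Tuple[str, Tuple[str, ...]]
Entry = Tuple[str, str, Optional[str]]


def write_pair(client: str, server: str, digest: str) -> List[Record]:
    """First proposal: one extension record in front of each old-style record."""
    return [("ext", (digest,)), ("old", (client, server))]


def write_triplet(client: str, server: str, digest: str) -> List[Record]:
    """Tom's idea: ext, old, ext, so an ext record precedes 'old' in either direction."""
    return [("ext", (digest,)), ("old", (client, server)), ("ext", (digest,))]


def parse(stream: List[Record]) -> Set[Entry]:
    """Reader rule (assumed): an old-style record takes the hash from the
    record immediately before it, if that record is an extension record."""
    entries: Set[Entry] = set()
    for i, (kind, payload) in enumerate(stream):
        if kind != "old":
            continue
        prev = stream[i - 1] if i > 0 else None
        digest = prev[1][0] if prev is not None and prev[0] == "ext" else None
        entries.add((payload[0], payload[1], digest))
    return entries


# Constructed sample entries (client, server, hash); not real krb5 data.
SAMPLE: List[Entry] = [
    ("alice@EXAMPLE.COM", "host/a.example.com@EXAMPLE.COM", "h1"),
    ("bob@EXAMPLE.COM", "host/b.example.com@EXAMPLE.COM", "h2"),
]


def survives(writer: Callable[..., List[Record]],
             transform: Callable[[List[Record]], List[Record]]) -> bool:
    """True if every (client, server, hash) is recovered after transforming the file."""
    stream = [rec for e in SAMPLE for rec in writer(*e)]
    return parse(transform(stream)) == set(SAMPLE)
```

Reversing the stream models the precise reversal the thread mentions; an arbitrary permutation that moves an old-style record next to the wrong hash breaks the triplet layout as well.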
