Comments on the checksum vulnerabilities

Sam Hartman hartmans at MIT.EDU
Fri Dec 3 13:57:54 EST 2010

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> On Fri, 2010-12-03 at 13:31 -0500, Sam Hartman wrote:
    >> Are there any differences between the Heimdal and MIT style
    >> checks for current checksums?

    Greg> Not really; I guess this isn't really a practical issue as
    Greg> long as enctypes and checksums continue to be introduced in
    Greg> lock step.

I think that's my argument.
The two models are likely to be the same unless we introduce a checksum
that is not in lock step with an enctype.
It would be difficult to do that for the reasons Greg described.
However if we did that, I'm not sure why we'd want the Heimdal model.

So, if the Heimdal model is easier to implement, I'm happy to switch to
it.  I just think conceptually we'd be using the MIT model in the sense
that if we intentionally were to introduce a checksum that was a second
checksum for an enctype, I'd expect us to permit code to work with that
checksum at the same time we introduced it.

