wrong checksum type for arcfour-hmac-md5

Stefan (metze) Metzmacher metze at samba.org
Tue Dec 28 08:25:47 EST 2010 

Am 16.09.2010 18:47, schrieb Nicolas Williams:
> On Thu, Sep 16, 2010 at 12:39:32PM -0400, Greg Hudson wrote:
>> On Thu, 2010-09-16 at 12:21 -0400, Luke Howard wrote:
>>> Here we have to balance security against interoperability. Is it
>>> possible to get the third-party server fixed?
>>
>> I don't think there's a security issue here; the authenticator checksum
>> doesn't need to be keyed.  The question is what the fix looks like:
>>
>> 1. Samba uses a proper GSSAPI checksum in its homegrown GSSAPI code.
>> This is the ideal fix, but might be too difficult.
>>
>> 2. Samba uses krb5_auth_con_set_req_cksumtype() to cause an MD5 checksum
>> to be used when the enctype is RC4.
>>
>> 3. MIT krb5 switches to using MD5 checksums with RC4 keys in
>> authenticators only.
>>
>> The downside of (3) is that it's extra complexity in our code base for
>> the sake of an improper use case (Samba using regular AP-REQ checksums
>> in a GSSAPI AP-REQ).  The upside is that it makes us consistent with
>> Heimdal and MS clients.
> 
> I prefer (1) -- it's not that hard since MIT krb5 already has the
> necessary hook for this, and that is how the MIT krb5 GSS mech installs
> that 0x8003 "checksum".  Besides, it will give Samba's implementation of
> the krb5 mech a better chance to evolve, which will probably turn out to
> be necessary in the future.
> 
> (Incidentally, many, many years after RFC1964 we're still paying a
> price for that 0x8003 hack.  It pays to do things cleanly.)

I've fixed it using the 0x8003 checksum in cifs-utils.

This discovered we used a strange method to specify null channel bindings
in samba. Now we use 16 zero bytes to specify GSS_C_NO_CHANNEL_BINDINGS
correctly.
That finally fixed the bug.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20101228/5aab93a4/attachment.bin

More information about the krbdev mailing list