The history key

[Henry B. Hotz]

On Jan 14, 2010, at 9:03 AM, krbdev-request at mit.edu wrote:

> If you're point is that a tool could re-key the history, then I would
> agree, and that'd be nice.  I'm not sure what priority I'd give such a
> tool, however.


I initially thought that re-keying history was needed, but changed my mind in favor of using a one-way hash.  This was done as an external plug-in for Heimdal so it couldn't leverage any of the built-in conveniences easily.  

I decided it was sufficient to use a keyed hash with multiple key versions.  If someone stole the history DB and the history key, I can rev the master history key for new entries, but still use the existing history.

I have a hard time imagining someone stealing the history DB without also stealing the main Kerberos DB, so I see no practical advantage to making PW history more secure than the main DB.  My management would not be terribly concerned if we had to throw away password history as long as we still had it implemented for new passwords (which would pass the audit requirements).

I don't know if this info is useful, but it's a data point for a utilizing organization.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu