FAST cookies
Greg Hudson
ghudson at MIT.EDU
Sun Jul 17 14:51:29 EDT 2011
On Sun, 2011-07-17 at 09:39 -0400, Linus Nordberg wrote:
> (Background re nonce: There's a kdc generated nonce (in the 4-pass
> variant). This nonce is primarily used kdc for authenticating the
> client by using the Client Key to decrypt the encData field of the
> PA-OTP-REQUEST. A match with what was sent by the kdc in the
> PA-OTP-CHALLENGE proves client possession of the Client Key.)
I believe there is no real need to protect against nonce replays. In
fact, we could let the client choose the value to encrypt, as we do in
OTP 2-pass and in encrypted challenge.
I'm going to raise this issue on krb-wg, though. I think the OTP draft
may be unnecessarily complex for 4-pass.
> Judging from previous postings to the list regarding replay attacks
> and OTP,
I think some of the previous discussion may have confused replays of the
nonce with replays of the OTP token value itself.
More information about the krbdev
mailing list