KDC TGT enctype selection question
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Dec 4 17:23:17 EST 2023
>I would go even further and say that it is a design assumption of MIT krb5
>that all KDCs are just separate instances of the same logical instance and are
>assumed to behave "identically" (i.e., with identical configuration).
I'm going to reiterate my earlier statement: THIS IS NOT AN ANSWER TO MY
QUESTION.
>As Nico says, this particular case seems like the KDC knowing that the enctype
>list is sorted strongest-to-weakest, and also knowing that "the KDC" is the
>only entity that can create this ciphertext, so enforcing that the strongest
>key is being used and preventing by construction any brute-force or other
>attacks on krbtgt keys of other enctypes.
I'm a little unclear how you could try brute-forcing the "wrong" TGT key
in this situation without submitting 2^keylength TGT requests. Again,
it is possible I am missing something.
--Ken
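The policy the quoted reply describes (the krbtgt key list is ordered strongest-to-weakest, the KDC only ever encrypts a TGT under the first key, and a TGS-REQ presenting a TGT encrypted under any other krbtgt key is rejected by construction) as an added stand-in model. This is not MIT krb5 code and not anything from the thread: the enctype numbers are the RFC-assigned ones, but the key ordering, the realm name, the `issue_tgt`/`validate_tgt` functions and the use of HMAC-SHA256 as a placeholder for real Kerberos ticket encryption are all assumptions made for the example.

```python
"""Stand-in model of the strongest-krbtgt-key-only policy discussed above.
Assumptions (not from MIT krb5): the key list order is site policy, and
'encryption' is an HMAC-SHA256 tag over the ticket body, used only as a
placeholder for a real Kerberos enctype so the example runs offline."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Enctype numbers from RFC 3962 (17, 18) and RFC 4757 (23).  The ordering,
# strongest first, is the assumed site policy the quoted reply relies on.
KRBTGT_KEYS = [
    ("aes256-cts-hmac-sha1-96", 18, os.urandom(32)),
    ("aes128-cts-hmac-sha1-96", 17, os.urandom(16)),
    ("rc4-hmac", 23, os.urandom(16)),
]


@dataclass(frozen=True)
class Ticket:
    enctype: int   # enctype of the krbtgt key the TGT was sealed under
    body: bytes    # what a real KDC would encrypt; kept in the clear here
    tag: bytes     # placeholder for the ciphertext / integrity check


def _key_for(enctype):
    for _name, et, key in KRBTGT_KEYS:
        if et == enctype:
            return key
    raise KeyError(f"no krbtgt key of enctype {enctype}")


def _seal(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_tgt(client, enctype=None):
    """AS-REQ path: seal the TGT under the strongest krbtgt key.

    The enctype argument exists only so the demo can mint a TGT under a
    weaker key, the way a differently configured KDC in the same realm
    might (the situation the thread is arguing about)."""
    if enctype is None:
        enctype = KRBTGT_KEYS[0][1]
    body = json.dumps({"cname": client, "sname": "krbtgt/EXAMPLE.COM"}).encode()
    return Ticket(enctype, body, _seal(_key_for(enctype), body))


def validate_tgt(ticket):
    """TGS-REQ path: accept only TGTs sealed under the strongest key.

    Returns (ok, reason).  A TGT under any other krbtgt enctype is refused
    before its tag is even checked, so the weaker keys are never used to
    decrypt attacker-supplied input."""
    strongest = KRBTGT_KEYS[0][1]
    if ticket.enctype != strongest:
        return False, (f"TGT enctype {ticket.enctype} is not the strongest "
                       f"krbtgt enctype {strongest}")
    expected = _seal(_key_for(strongest), ticket.body)
    if not hmac.compare_digest(expected, ticket.tag):
        return False, "integrity check failed"
    return True, "ok"


if __name__ == "__main__":
    print(validate_tgt(issue_tgt("alice")))          # strongest key: accepted
    print(validate_tgt(issue_tgt("alice", 23)))      # rc4-hmac TGT: refused
```

The point of refusing on `enctype` before touching the tag is that the weaker krbtgt keys never process attacker-controlled ciphertext on this KDC, which is the "by construction" argument in the quoted reply; it says nothing about whether a TGT minted by a differently configured KDC in the same realm is legitimate, which is the separate question the message is raising.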