[32051] in Kerberos
Re: Question about cryptographic protection of message fields
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Feb 15 18:37:22 2010
From: Greg Hudson <ghudson@mit.edu>
To: Fernando Pereñíguez Garcia <pereniguez@um.es>
In-Reply-To: <BEB82929-808F-4C02-A3E7-7E14409BACAA@um.es>
Date: Mon, 15 Feb 2010 18:37:13 -0500
Message-ID: <1266277033.20257.236.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Mon, 2010-02-15 at 08:51 -0500, Fernando Pereñíguez Garcia wrote:
> Hi all,
> Looking into the Kerberos specification and the MIT
> implementation, I've found that not all the fields defined in the
> Kerberos messages are cryptographically protected. For example, in the
> KDC-REQ/KDC-REP, the padata field is sent in clear and (at least) is
> not integrity protected. Therefore, an attacker can change the
> information contained in any of these fields and the client is not
> able to detect this attack. For this reason, I was wondering if my
> conclusions are right.

Yes, some fields of the Kerberos message exchanges are unprotected, and
the design of what goes into those fields needs to take that into
account. Also see the security considerations section of RFC 4120 for
some consequences, such as this:
Kerberos credentials contain clear-text information identifying the principals to which they apply. If privacy of this information is needed, this exchange should itself be encapsulated in a protocol providing for confidentiality on the exchange of these credentials.
There is a new extension called FAST which protects more of the KDC
exchange when used; see:
http://tools.ietf.org/html/draft-ietf-krb-wg-preauth-framework-15
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos