[35990] in Kerberos
Re: NSA backdoor risks in Kerberos
daemon@ATHENA.MIT.EDU (Nico Williams)
Wed Apr 2 16:59:08 2014
MIME-Version: 1.0
In-Reply-To: <533BA9EB.6080308@d6.com>
Date: Wed, 2 Apr 2014 15:58:51 -0500
Message-ID: <CAK3OfOi1t8+UpCRdGkWtaYeYJnaiidVjgcYH+TcU-FovoEYRAQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Chris Hecker <checker@d6.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, Apr 2, 2014 at 1:10 AM, Chris Hecker <checker@d6.com> wrote:
> I hope this won't turn into a giant thread, I'm just looking for some
> succinct facts and/or links to thoughtful discussion, I'm not interested
> in a bunch of opinions or a flame war or anything like that, and I don't
> think that'd be appropriate for this list or help anybody. But here goes:
>
> Has there been a technical writeup of potential backdoor risks in
> Kerberos, similar to the stuff that keeps coming out about various RSA
> products:
>
> http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331
Kerberos doesn't have large-enough nonces for a Dual_EC-style attack.
Kerberos isn't used on a large enough scale to be worth backdooring.
Any backdoor is likely to be found only in implementations, not the
protocol on account of backdooring protocols being a difficult and
risky task.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
