[3670] in Kerberos
Re: S/KEY integrated with Kerberos?
daemon@ATHENA.MIT.EDU (Josh Osborne)
Mon Aug 8 15:09:01 1994
From: stripes@uunet.uu.net (Josh Osborne)
To: sommerfeld@apollo.hp.com (Bill Sommerfeld)
Date: Mon, 8 Aug 1994 14:51:37 -0400 (EDT)
Cc: hendrick@ctron.com, bcn@isi.edu, kerberos@MIT.EDU
In-Reply-To: <9408081724.AA14337@relay.hp.com> from "Bill Sommerfeld" at Aug 8, 94 01:24:24 pm
>> P. S. Has anyone thought about how to keep the sequence numbers in-sync across
>> multiple KDCs ??
>
>Short answer: use the S/Key "seed" with a different seed for each KDC
>replica. (This sort of punts the whole question, but it avoids
>needing to update state in real time, since you don't want to actually
>issue the new ticket to the user until the S/Key database has been
>updated (to avoid obvious replay attacks).)
[...summary of problems...]

You missed an important problem. There are 2 "modes" S/Key is normally
used in. In one the user has something they trust (and a trusted path
to it) that can compute the passphrase from the seed (I assume you mean
the thing S/Key refers to as "key", not the secret) & sequence number &
the secret. In this mode there is no problem with having a different
seed (not secret) per KDC. In the other mode the user prints a small
slip of paper with a bunch of one-time passphrases on it, and they take
it with them. In that mode having one seed (or secret!) per KDC could
be quite a problem, since it multiplies the amount of paper you need to
take on a trip to ensure you can log in for a week. It also is a problem
when a new KDC is installed. (With a local S/Key calculator, as long as
only the "key" and not the secret is different on each KDC, one can install
new KDCs without impacting existing users.)

I suspect much of the popularity of S/Key is due to the fact that it gives
one-time keys without requiring hardware for everyone, not any of its other
aspects. Hopefully we can find a way to preserve this feature, at least
to some extent. (I suspect that much of the rest of the popularity is
that "S/Key calculators" can be made out of Macs, PCs, and even the
HP48 calculator (and I suspect many other programmable calculators...))
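The two S/Key "modes" and the per-replica-seed scheme discussed in this thread, worked through in code. This is an added example, not code from the original message, from S/Key, or from any Kerberos KDC: it uses a plain SHA-256 hash chain rather than the MD4 folding of RFC 1760, and the secret, the per-KDC seed strings ("kdc1-7a9f" etc.) and the sequence numbers are constructed sample values. Each replica stores only its own seed, the next sequence number and the hash that verifies it; a calculator user needs only the secret plus the prompt, whereas a paper-slip user needs one printed list per replica.

```python
import hashlib


def h(data: bytes) -> bytes:
    # Chain step. Real S/Key uses MD4 folded to 64 bits (RFC 1760); SHA-256 here.
    return hashlib.sha256(data).digest()


def otp(secret: str, seed: str, seq: int) -> bytes:
    """Passphrase for sequence number seq: H^seq(seed || secret).
    This is exactly what an S/Key calculator computes from the user's secret
    plus the seed and sequence number the KDC prompts with."""
    x = h(seed.encode() + secret.encode())
    for _ in range(seq):
        x = h(x)
    return x


class KdcOtpState:
    """Per-user OTP state held by ONE KDC replica (hypothetical structure).
    Each replica gets its own seed, so replicas share no state and need no
    real-time synchronisation; the secret itself is never stored anywhere."""

    def __init__(self, secret: str, seed: str, n: int = 100):
        self.seed = seed
        self.seq = n                            # next expected sequence number
        self.last = otp(secret, seed, n + 1)    # H^(n+1) verifies passphrase n

    def prompt(self) -> tuple[str, int]:
        return self.seed, self.seq

    def verify(self, response: bytes) -> bool:
        if h(response) != self.last:
            return False
        # Commit the new state before any ticket would be issued, so the same
        # response replayed against this replica is rejected.
        self.last = response
        self.seq -= 1
        return True


def paper_slip(secret: str, seed: str, top_seq: int, count: int) -> dict[int, str]:
    """Mode 2: precompute `count` passphrases (descending seq) to carry on paper."""
    return {s: otp(secret, seed, s).hex() for s in range(top_seq, top_seq - count, -1)}


def slips_for_trip(secret: str, prompts: dict[str, int], logins: int) -> dict[str, dict[int, str]]:
    """One seed per replica means one slip per replica to be sure of `logins`
    logins wherever you land: paper grows linearly with the replica count."""
    return {seed: paper_slip(secret, seed, seq, logins) for seed, seq in prompts.items()}


def demo() -> dict:
    secret = "correct horse battery staple"            # constructed sample secret
    seeds = ["kdc1-7a9f", "kdc2-3c10", "kdc3-e04b"]     # constructed per-replica seeds
    kdcs = {seed: KdcOtpState(secret, seed, n=99) for seed in seeds}

    # Mode 1: local calculator. Only the secret is needed; seed/seq come from the prompt.
    seed, seq = kdcs["kdc2-3c10"].prompt()
    resp = otp(secret, seed, seq)
    first = kdcs["kdc2-3c10"].verify(resp)
    replay = kdcs["kdc2-3c10"].verify(resp)            # same passphrase again: refused
    cross = kdcs["kdc1-7a9f"].verify(resp)             # valid for kdc2, useless on kdc1

    # A fourth replica installed later: new seed, same secret, existing users unaffected.
    kdcs["kdc4-new"] = KdcOtpState(secret, "kdc4-new", n=99)
    seed4, seq4 = kdcs["kdc4-new"].prompt()
    new_kdc = kdcs["kdc4-new"].verify(otp(secret, seed4, seq4))

    # Mode 2: paper slips for a week of 7 logins against every replica.
    slips = slips_for_trip(secret, {s: st.seq for s, st in kdcs.items()}, logins=7)
    paper_ok = kdcs["kdc3-e04b"].verify(bytes.fromhex(slips["kdc3-e04b"][99]))
    return {
        "first": first, "replay": replay, "cross": cross, "new_kdc": new_kdc,
        "paper_ok": paper_ok, "slips": len(slips),
        "paper_entries": sum(len(s) for s in slips.values()),
    }


if __name__ == "__main__":
    print(demo())
```

The point the code makes concrete: `verify` advances the stored hash before returning, which is why the KDC must not hand out a ticket until that update is durable (Sommerfeld's replay concern), and `slips_for_trip` is the paper-slip user's cost when every replica has its own seed.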