[389] in Kerberos
Re: faster encrypted rlogin
daemon@TELECOM.MIT.EDU (Mike Kazar)
Mon Jun 6 18:29:59 1988
From: Mike Kazar <kazar+@andrew.cmu.edu>
To: kerberos@ATHENA.MIT.EDU
In-Reply-To: <8806052021.AA27194@BINKLEY.MIT.EDU>
Your message doesn't specify what data you are encrypting with your DES/XOR
scheme, so I'm not sure how important the attack I'll describe here is.
However, you should note that XOR-based encryption schemes, while not
vulnerable to decipherment, are quite vulnerable to tampering in an environment
where the cleartext is known.
So, for instance, if I have a ticket authenticating me as "bogon", and it is
encrypted via your scheme (using DES/XOR with these quasi-random numbers), then
if I can find the ticket in the cleartext (which should be easy, given the
sources), I can change the ticket to authenticate me as "kazar" instead of
"bogon" by XORing the ticket with ("kazar" XOR "bogon").
Of course, as I said, above, if you're encrypting data that you don't mind
being tampered with invisibly, then this objection doesn't matter.
