[1398] in Kerberos_V5_Development
Re: "benchmark" numbers not so bad after all
daemon@ATHENA.MIT.EDU (tytso@MIT.EDU)
Mon Jul 15 18:27:02 1996
Date: Mon, 15 Jul 1996 15:26:44 -0700
To: raeburn@cygnus.com
Cc: krbdev@MIT.EDU, kerberos-dev@cygnus.com
In-Reply-To: <tx1pw5zri3t.fsf@cygnus.com> (message from Ken Raeburn on 13 Jul
1996 16:52:38 -0400)
From: tytso@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 13 Jul 1996 16:52:38 -0400
Something occurred to me yesterday: If our ASN.1 decoder is not
enforcing the Distinguished Encoding Rules (and at a glance I would
say it is not), an attacker should be able to send multiple requests
with the same data content but differing encoding. In that case, the
lookaside cache is useless (because it compares the wire encoding),
but the replay cache would catch it. So it would be the far more
expensive replay cache that would be the real defense against this
supposed known-plaintext attack. Am I missing something?
Well, you can't use the replay cache because that doesn't save the
KDC response packet --- it just says, "replay, bad", and returns an
error code. Problem is that with UDP, if the initial response packet is
lost, and the client retransmits, the KDC must send the correct
response, instead of a replay error raspberry.
- Ted
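An added illustration of the encoding point in this exchange (not code from the thread or from the krb5 code base; all names are hypothetical): three BER-legal encodings of the same INTEGER, a lookaside key taken from the wire bytes as the message describes, and a decoder that can be switched to enforce DER minimality. A real KDC request is a SEQUENCE, but the mismatch between "same data content" and "same wire encoding" already shows on a single INTEGER.

```python
import hashlib
def split_tlv(buf):
    """Split one single-byte-tag TLV into (tag, length_bytes, content); definite lengths only."""
    tag, first = buf[0], buf[1]
    if first == 0x80:
        raise ValueError("indefinite length not allowed")
    if first < 0x80:                              # short form: one length octet
        n, length = 1, first
    else:                                         # long form: 0x8N then N length octets
        n = 1 + (first & 0x7F)
        length = int.from_bytes(buf[2:1 + n], "big")
    return tag, buf[1:1 + n], buf[1 + n:1 + n + length]
def der_length_ok(length_bytes):
    """DER: short form whenever the length fits in 7 bits; long form carries no leading zero octet."""
    if length_bytes[0] < 0x80:
        return len(length_bytes) == 1
    rest = length_bytes[1:]
    return len(rest) > 0 and rest[0] != 0x00 and int.from_bytes(rest, "big") >= 0x80
def der_integer_ok(content):
    """DER: minimal two's complement, no redundant leading 0x00 or 0xFF octet."""
    if len(content) == 0:
        return False
    if len(content) > 1 and content[0] == 0x00 and not content[1] & 0x80:
        return False
    return not (len(content) > 1 and content[0] == 0xFF and content[1] & 0x80)
def decode_integer(buf, strict):
    """Decode a BER INTEGER; with strict=True, reject any encoding that is not the DER form."""
    tag, length_bytes, content = split_tlv(buf)
    if tag != 0x02:
        raise ValueError("not an INTEGER")
    if strict and not (der_length_ok(length_bytes) and der_integer_ok(content)):
        raise ValueError("non-DER encoding rejected")
    return int.from_bytes(content, "big", signed=True)
def strict_rejects(buf):
    """True when the DER-enforcing decoder refuses this encoding."""
    try:
        decode_integer(buf, strict=True)
    except ValueError:
        return True
    return False
def lookaside_key(buf):
    """A lookaside cache keyed on the wire bytes sees each encoding as a distinct request."""
    return hashlib.sha256(buf).hexdigest()
# Constructed sample input: three BER-legal encodings of INTEGER 5; only CANONICAL is DER.
CANONICAL = bytes([0x02, 0x01, 0x05])
PADDED_VALUE = bytes([0x02, 0x02, 0x00, 0x05])      # redundant leading 0x00 in the value
LONG_FORM_LENGTH = bytes([0x02, 0x81, 0x01, 0x05])  # long-form length for a 1-octet value
```

A lenient decoder yields 5 for all three, and the lookaside keys differ for each, whereas the strict decoder accepts only the canonical form, so enforcing DER collapses the variants back to one cache entry.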