[16516] in Kerberos_V5_Development
Comments on the checksum vulnerabilities
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Dec 3 10:15:45 2010
From: Sam Hartman <hartmans@mit.edu>
To: krbdev@mit.edu
Date: Fri, 03 Dec 2010 10:15:23 -0500
Message-ID: <tsl62varipg.fsf@carter-zimmerman.suchdamage.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I'd like to draw people's attention to a blog post I made on the
checksum vulnerabilities. I would like to start a discussion on what if
anything we still need to fix and on what we did wrong to get here.
http://www.painless-security.com/blog/2010/12/03/bad-hair-day-for-kerber
Initial thoughts:
* Is it desirable that you have to make an extra step when verifying a
checksum to make sure it is keyed?
* People were probably assuming that if a checksum works with a given
key and it is a keyed checksum, then it is a right kind of checksum
for that key from a security standpoint. Roughly, this is close to
assuming that checksums should either be unkeyed or work with one kind
of key. I think we want to make this actually true going forward.
* People assumed something similar when finding a keyed checksum.
* Documentation might have heleped.
However I feel like there is something I'm missing in here somewhere.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
