[17037] in Kerberos_V5_Development


Re: FAST cookies

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Jul 17 14:51:34 2011

From: Greg Hudson <ghudson@mit.edu>
To: Linus Nordberg <linus@nordu.net>
In-Reply-To: <87pql9rppq.fsf@nordberg.se>
Date: Sun, 17 Jul 2011 14:51:29 -0400
Message-ID: <1310928689.2694.213.camel@t410>
Mime-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Sun, 2011-07-17 at 09:39 -0400, Linus Nordberg wrote:
> (Background re nonce: There's a kdc generated nonce (in the 4-pass
> variant).  This nonce is primarily used by the kdc for authenticating the
> client by using the Client Key to decrypt the encData field of the
> PA-OTP-REQUEST.  A match with what was sent by the kdc in the
> PA-OTP-CHALLENGE proves client possession of the Client Key.)

I believe there is no real need to protect against nonce replays.  In
fact, we could let the client choose the value to encrypt, as we do in
OTP 2-pass and in encrypted challenge.

I'm going to raise this issue on krb-wg, though.  I think the OTP draft
may be unnecessarily complex for 4-pass.

> Judging from previous postings to the list regarding replay attacks
> and OTP,

I think some of the previous discussion may have confused replays of the
nonce with replays of the OTP token value itself.


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
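The 4-pass check that the quoted background describes (KDC nonce in PA-OTP-CHALLENGE, nonce returned encrypted under the Client Key in the encData of PA-OTP-REQUEST, KDC decrypts and compares), as an added example that is not part of this thread or of the MIT krb5 code. All function names are hypothetical, and an HMAC-SHA256 keystream with an HMAC tag stands in for a Kerberos encryption type so the script runs offline.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stand-in cipher (constructed for this example, not a Kerberos enctype):
# HMAC-SHA256 keystream XORed over the plaintext, then an HMAC tag over iv+body.
def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, iv + body, hashlib.sha256).digest()
    return iv + body + tag

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    iv, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + body, hashlib.sha256).digest()):
        return None  # tag mismatch: wrong key or tampered encData
    return bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))

# 4-pass flow: KDC issues the challenge, client answers, KDC verifies.
def kdc_make_challenge() -> dict:
    # PA-OTP-CHALLENGE carries the KDC-generated nonce.
    return {"nonce": os.urandom(32)}

def client_make_request(client_key: bytes, challenge: dict, otp_value: str) -> dict:
    # PA-OTP-REQUEST: the challenge nonce goes back encrypted in encData,
    # alongside the OTP token value the user entered.
    return {"otp_value": otp_value, "encData": encrypt(client_key, challenge["nonce"])}

def kdc_verify_request(client_key: bytes, challenge: dict, request: dict) -> bool:
    # A decryption that yields the challenge nonce proves possession of the
    # Client Key. The OTP token value is validated separately from this step,
    # which is why replay of the nonce and replay of the token are different questions.
    recovered = decrypt(client_key, request["encData"])
    return recovered is not None and hmac.compare_digest(recovered, challenge["nonce"])
```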
