[968] in Kerberos_V5_Development


rlogin authenticator attacks

daemon@ATHENA.MIT.EDU (Sam Hartman)
Sun Jan 21 17:20:54 1996

To: krbdev@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 21 Jan 1996 17:20:37 -0500

	I would like to propose a change to rlogin similar to the
change I recently checked into krsh.  Basically, I would like to see a
Kerberos distribution where using a relatively secure client like
encrypted rlogin did not create a security problem if the kerberized
unencrypted rlogind was running on the server.  

	Currently, I can grab the authenticator used to establish an
encrypted connection, prevent it from getting to the server to avoid
the replay cache, and use the same authenticator to establish an
unencrypted connection.

	I propose to include some data in the rlogin authenticator to
indicate whether the connection is encrypted; if the connection is
encrypted, then the unencrypted rlogind would not accept the
authenticator.

	The obvious way of doing this is to checksum two different
constant strings.  (rlogin would checksum "rlogin" and encrypted
rlogin would checksum "rlogin -x").  I would propose to provide an
option to drop backward compatibility and require the checksum, just
as I proposed for krshd.

	Question (Please excuse my lack of mathematical background in
cryptography.)  Are there any problems associated with using a
constant string (well, two constant strings) as data to be checksummed?

--Sam
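
The server-side check proposed in the message above, modeled in C as an added example (not part of the original post and not code from the Kerberos distribution). The struct, the function names and the CRC-32 stand-in checksum are assumptions; having the encrypted server also reject the "rlogin" checksum generalizes the proposal.

```c
#include <stdint.h>

/* Stand-in checksum (bitwise CRC-32), an assumption of this example.
 * The value travels inside the authenticator, which is encrypted. */
static uint32_t cksum(const char *s)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (; *s; s++) {
        crc ^= (unsigned char)*s;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical view of the decrypted authenticator fields used here. */
struct authenticator {
    int has_cksum;   /* 0 for clients that predate the change */
    uint32_t cksum;  /* checksum of the mode string */
};

enum verdict { ACCEPT, REJECT_MODE_MISMATCH, REJECT_NO_CKSUM };

/* The two constant strings named in the message. */
static const char *mode_string(int encrypted)
{
    return encrypted ? "rlogin -x" : "rlogin";
}

/* Client side: bind the authenticator to the connection mode. */
struct authenticator make_authenticator(int encrypted)
{
    struct authenticator a = { 1, cksum(mode_string(encrypted)) };
    return a;
}

/* Server side: accept only an authenticator made for this server's mode.
 * require_cksum is the "drop backward compatibility" option; with it off,
 * authenticators from old clients carry no mode binding and still pass. */
enum verdict rlogind_check(const struct authenticator *a,
                           int server_encrypted, int require_cksum)
{
    if (!a->has_cksum)
        return require_cksum ? REJECT_NO_CKSUM : ACCEPT;
    if (a->cksum != cksum(mode_string(server_encrypted)))
        return REJECT_MODE_MISMATCH;
    return ACCEPT;
}
```

With require_cksum off, only clients that send the checksum are protected against the cross-mode reuse described in the message; an old client's authenticator is still accepted by either server.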
