[280] in Kerberos
Re: Kerberos timestamps
daemon@TELECOM.MIT.EDU (Steve Miller)
Tue Dec 8 14:45:55 1987
From: miller%erlang.DEC@DECWRL.DEC.COM (Steve Miller)
To: kerberos@ATHENA.MIT.EDU, MILLER@DECWRL.DEC.COM
In reply to the three previous messages on this.
I agree with Jeff and Jerry.
Jennifer's message refers to two distinct timestamps used for two different
purposes. Both timestamps are completely implemented in the protocol messages.
The first, sent from a client to Kerberos and back, is really just a bookeeping
aid for the client. The Kerberos server COULD detect that the client's
timestamp is too far out of whack and reject it, but in the version of
the code I have (year and a half old) it doesn't.
The second, the time_sec[kkds] (section 7.1.2) on the auth_reply message
serves two purposes. First, it provides an authenticated timestamp of the
KDC as a reference. The (old) client code does indeed check this time against
the local time, and causes an error if it is too far off. The second
purpose it serves is to detect modification of the reply message. Based
on the way the crypto algorithms work, modifying only a single bit
anywhere in the encrypted part of the message preceeding the time_sec[kkds]
will cause approximately half of the bits in time_sec[kkds] to change.
This would most likely result in a time_sec[kkds] that is out of range
with respect to local time, so an error is caused. So this serves as
a mechanism to protect the client against forged/modified messages
returned from the Kerberos server.
Timestamps are used in a similar fashion in the exchange between a
client and server, sections 7.1.3, and are embedded in tickets. They can detect
certain replay attempts and modification attempts. They
are also used to enforce the expiration of tickets, based on the
timestamp plus lifetime.
Steve
