[7007] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (Joe Kovara)
Thu Apr 4 02:12:50 1996
To: kerberos@MIT.EDU
Date: Wed, 03 Apr 1996 16:22:29 GMT
From: joek@CyberSafe.com (Joe Kovara)
basch@lehman.com (Richard Basch) wrote:
>Basically, the session keys are determined by the KDC based on the what
>the user says he can support and what the KDC believes the service can
>support. If the service can support 3-DES and the user has allowed the
>use of 3-DES, 3-DES session keys may be returned by the KDC, thus
>increasing session security.
It goes beyond the client's and server's keys: the the TGS's key is
one service key that *really* needs to be protected. Unfortunately,
we are constrained in our ability to protect those keys (it goes
beyond what crypto the client and server support). This gets pretty
twisted, and was discsussed in this news group last spring and summer.
Which is the reason for the proposed change to the e/k-type
interpretation (see posting by Cliff Neumann, June 27, 1995, "Proposed
change: etype and keytype in V5 Kerberos").
>At the moment, I viewed 3-DES as something that would certainly be
>necessary in the near term to avoid the compromise of service keys and
>user keys, rather than short-lived session keys. I don't believe there
>is much of a belief that the short session lifetimes are readily
>compromised today if they still employ DES security. However, since we
>invested the time into integrating 3-DES into Kerberos V5, we also took
>the proactive approach to employing 3-DES even at the session level,
>when possible.
It goes beyond the session key lifetime. Key strenth also depends on
the required confidentiality lifetime of the information protected by
the (session) key. Breaking a session key within the key's lifetime
allows an attacker to modify the message stream. Breaking the key the
week after (assuming they have recorded the session traffic) allows an
attacker access to the information, which may be all they want, or all
they need to mount a successful second-stage attack (e.g., using
information obtained from an administrator's session). Protecting the
session with 3-DES would be prudent for certain types of information.
Joe Kovara / Director of Engineering / CyberSafe Corp.
1605 NW Sammamish Road, Suite 310 / Issaquah, WA 98027
joek@cybersafe.com / 206-391-6000 (phone) / 206-391-0508 (fax)
