On Tue, 1 Apr 2014, Chris Hecker wrote: > > I hope this won't turn into a giant thread, I'm just looking for some > succinct facts and/or links to thoughtful discussion, I'm not interested > in a bunch of opinions or a flame war or anything like that, and I don't > think that'd be appropriate for this list or help anybody. But here goes: > > Has there been a technical writeup of potential backdoor risks in > Kerberos, similar to the stuff that keeps coming out about various RSA > products:
I'm unaware of a writeup. The core kerberos protocol itself is pretty well-analyzed, and unlikely to have been backdoored. There could potentially be issues with the crypto primitives used by a particular Kerberos implementation or encryption type (e.g., PRNG, block cipher, and hash function), but such issues would have much broader consequences than just kerberos. AES is probably fine, but, say, the md4 hash function used in arcfour-hmac's string-to-key is not so good, and as mentioned already RFC 6649 deprecates some weak enctypes. There are various extensions to the Kerberos protocol which may have received less analysis than the core protocol; I have not attempted to survey the literature. -Ben Kaduk ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
