
KDC replay cache unnecessary?



[I assert that ...]
Applications that use encryption with the shared session key do not need
a replay cache.

- An attacker replaying an authenticator will not be able to communicate
  with the service, so
- an attacker that /can/ communicate with the service must have the session
  key; an attacker with the session key has no need to replay authenticators.

Since replies from the TGS are encrypted with the session key, in order
to get any benefit from a replayed authenticator, the attacker must
break the session key.

Therefore isn't the KDC replay cache unnecessary?

This is an important question, because, AFAIK, multiple KDCs do not
keep their replay caches in sync (referring to unix implementations only).
If the replay cache is actually necessary, this is a major problem.

I've seen some notes about replay cache issues (in general) in heimdal,
can someone clarify the current state of affairs?

On Thu, Aug 22, 2002 at 04:21:25PM +0200, Daniel Kouril wrote:
> On Thu, Aug 22, 2002 at 10:12:28AM -0400, Ken Hornstein wrote:
> > 
> > I sure hope your Kerberos implementation includes a replay cache
> 
> To quote from Heimdal's TODO:
> "the replay cache is, in its current state, not very useful"

thanks
/fc
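The AP-REQ exchange the post reasons about, as an added example that is not part of the original message and not Heimdal's code: a toy service verifies a ticket and authenticator, optionally consults a replay cache keyed on (client, ctime, cusec), and answers with an AP-REP sealed under the session key. It assumes an HMAC-SHA256 stream-plus-MAC construction standing in for a real Kerberos enctype, a hand-rolled length-prefixed ticket layout, and constructed principal names and timestamps. The run shows a verbatim replay being refused when a cache is present and, without one, being accepted yet yielding a reply the replayer cannot read, which is the property the post relies on.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Stand-in cipher (assumption): HMAC-SHA256 keystream plus HMAC tag, so the
# example runs on the standard library; real Kerberos uses AES-CTS enctypes.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed (wrong key or tampered)")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

# Minimal length-prefixed field encoding (assumption: stands in for ASN.1).
def _pack(*fields: bytes) -> bytes:
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def _unpack(blob: bytes) -> list:
    out, i = [], 0
    while i < len(blob):
        (n,) = struct.unpack(">H", blob[i:i + 2])
        out.append(blob[i + 2:i + 2 + n])
        i += 2 + n
    return out

class ReplayCache:
    """Remembers (client, ctime, cusec) for the clock-skew window only."""
    def __init__(self, skew: int = 300):
        self.skew, self.seen = skew, {}

    def check_and_store(self, cname: bytes, ctime: int, cusec: int, now: int) -> bool:
        self.seen = {k: t for k, t in self.seen.items() if t >= now - self.skew}
        key = (cname, ctime, cusec)
        if key in self.seen:
            return False
        self.seen[key] = ctime
        return True

class Service:
    def __init__(self, service_key: bytes, rcache: Optional[ReplayCache], skew: int = 300):
        self.service_key, self.rcache, self.skew = service_key, rcache, skew

    def accept(self, ticket: bytes, authenticator: bytes, now: int) -> bytes:
        """Verify an AP-REQ; return the AP-REP sealed under the session key."""
        cname, session_key = _unpack(unseal(self.service_key, ticket))
        acname, ctime, cusec = _unpack(unseal(session_key, authenticator))
        ctime, cusec = int(ctime), int(cusec)
        if acname != cname:
            raise ValueError("authenticator principal does not match ticket")
        if abs(now - ctime) > self.skew:
            raise ValueError("authenticator outside clock skew")
        if self.rcache is not None and not self.rcache.check_and_store(cname, ctime, cusec, now):
            raise ValueError("replay: authenticator already seen")
        return seal(session_key, _pack(b"AP-REP", str(ctime).encode(), str(cusec).encode()))

def build_ap_req(ticket: bytes, session_key: bytes, cname: bytes, now: int, cusec: int) -> tuple:
    return ticket, seal(session_key, _pack(cname, str(now).encode(), str(cusec).encode()))

def demo() -> dict:
    service_key, session_key = os.urandom(32), os.urandom(32)
    cname, now = b"alice@EXAMPLE.ORG", 1_030_000_000   # constructed values
    ticket = seal(service_key, _pack(cname, session_key))  # what the KDC would issue
    ap_req = build_ap_req(ticket, session_key, cname, now, 17)

    # 1. With a replay cache: first presentation accepted, verbatim replay refused.
    with_cache = Service(service_key, ReplayCache())
    first_ok = _unpack(unseal(session_key, with_cache.accept(*ap_req, now=now)))[0] == b"AP-REP"
    try:
        with_cache.accept(*ap_req, now=now + 1)
        replay_refused = False
    except ValueError as e:
        replay_refused = str(e).startswith("replay")

    # 2. Without a cache: the replay is accepted, but the AP-REP is sealed
    # under the session key, which a party that only captured the AP-REQ lacks.
    no_cache = Service(service_key, None)
    ap_rep = no_cache.accept(*ap_req, now=now + 1)
    try:
        unseal(os.urandom(32), ap_rep)   # any key other than the session key
        readable_without_key = True
    except ValueError:
        readable_without_key = False
    return {"first_ok": first_ok, "replay_refused": replay_refused,
            "readable_without_key": readable_without_key}

if __name__ == "__main__":
    print(demo())
```

The model deliberately stops at the AP-REP: whether a replay is harmless beyond that point depends on the application protecting its later traffic under the session key, which is the premise the post starts from, and the cache here is per-process, so the synchronisation question the post raises for multiple KDCs is visible as the absence of any shared state.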