[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: KDC replay cache unnecessary?
On Thu, Mar 13, 2003 at 12:23:48PM -0800, Frank Cusack wrote:
> Applications that use encryption with the shared session key do not need
> a replay cache.
There is no requirement to use the shared session key.
> Therefore isn't the KDC replay cache unnecessary?
IIRC, there was a paper written that critized MIT Krb4 because of a
number of limitations in its security model. I can't remember the
details off hand, but can look them up with you want.
One of the limitations described was that there is a 5 minute
window in which a reply attack could occur (its been a long
time since a looked at this last, so the details are becoming
The answer in Krb5 was to have a replay cache.
> This is an important question, because, AFAIK, multiple KDCs do not
> keep their replay caches in sync (referring to unix implementations only).
> If the replay cache is actually necessary, this is a major problem.
Apparently replay caches only work if you only have one KDC per realm.
Brian May <email@example.com>