[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KDC replay cache unnecessary?

On Thu, Mar 13, 2003 at 12:23:48PM -0800, Frank Cusack wrote:
> Applications that use encryption with the shared session key do not need
> a replay cache.

There is no requirement to use the shared session key.

> Therefore isn't the KDC replay cache unnecessary?

IIRC, there was a paper written that critized MIT Krb4 because of a
number of limitations in its security model. I can't remember the
details off hand, but can look them up with you want.

One of the limitations described was that there is a 5 minute
window in which a reply attack could occur (its been a long
time since a looked at this last, so the details are becoming

The answer in Krb5 was to have a replay cache.

> This is an important question, because, AFAIK, multiple KDCs do not
> keep their replay caches in sync (referring to unix implementations only).
> If the replay cache is actually necessary, this is a major problem.

Good point.

Apparently replay caches only work if you only have one KDC per realm.
Brian May <bam@snoopy.apana.org.au>