[prev in list] [next in list] [prev in thread] [next in thread] 

List:       krb5-bugs
Subject:    [krbdev.mit.edu #5957] fakeka requires master key be DES
From:       "Russ Allbery <rra () stanford ! edu> via RT" <rt-comment () krbdev ! mit ! edu>
Date:       2008-05-01 6:18:14
Message-ID: rt-5957-26528.19.8040820578538 () krbdev ! mit ! edu
[Download RAW message or body]

fakeka initializes the DES random number generator with the key block of
the master key.  This seems a bit questionable, if not obviously broken,
in the first place, but it also retrieves the key with the following code:

    if ((code = kadm5_decrypt_key(handle, &master_princ_rec,
                                  ENCTYPE_DES_CBC_CRC, -1, 0, &mkey, NULL,
                                  NULL))) {
        com_err(argv[0], code, "while decrypting the master key");
        exit(1);
    }

This breaks if K/M has no des-cbc-crc key (such as with a newly built
KDC with a 3DES master key).

I discussed this briefly with Sam on Zephyr and he suggested just
removing the enctype restriction on the key retrieval and passing
whatever you got back into the des random seed function, since any other
key is going to be at least as long as a DES key.

However, more fundamentally, I think this is broken.  Among other
things, the master key basically never changes, thus making it a poor
choice for a random seed.

I expect there's some other function in the Kerberos libraries that
already retrieves some random data from a system service such as
/dev/random.  That should be used here as well.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
[prev in list] [next in list] [prev in thread] [next in thread]