Security impact of removing timestamp check in rd_rep()

Andrew Bartlett abartlet at samba.org
Mon May 16 04:07:19 GMT 2005


On Sun, 2005-05-15 at 17:04 -0400, Sam Hartman wrote:
> >>>>> "Luke" == Luke Howard <lukeh at PADL.COM> writes:
> 
>     Luke> You actually want to check that they are different, to avoid
>     Luke> replay attacks.
> 
> But you need to store all the timestamps you have seen in an allowable
> window.
> 
> Really, I don't understand why you use a timestamp in a three-leg
> protocol.  It seems like you want to have a challenge in the second
> leg copied back in the third leg encrypted in a per-session key.
> However it sounds like DCE did not do this.

I think the sequence number is used for this.  It appears from the way
Microsoft implements their server, that they don't check the timestamps.

Now to figure out how to tell the krb5 layer that this is a DCE_STYLE
third leg...

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
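
Added example, not part of the original message and not code from Samba or any Kerberos implementation: a replay cache in C showing the point quoted above, that rejecting repeated timestamps means storing every timestamp seen inside the allowable window. The names (rc_check, replay_cache), the 300-second window and the fixed capacity are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SKEW_SECS 300   /* allowable window (assumed value) */
#define CACHE_MAX 1024  /* fixed capacity (assumed); fail closed when full */

enum rc_result { RC_OK, RC_REPLAY, RC_SKEW, RC_FULL };
struct seen { int64_t sec; int32_t usec; };
struct replay_cache { struct seen e[CACHE_MAX]; size_t n; };

/* Drop entries that have left the window: a replay of those is already
 * rejected by the skew test, so they no longer need to be stored. */
static void rc_expire(struct replay_cache *rc, int64_t now)
{
    size_t i = 0;
    while (i < rc->n) {
        if (rc->e[i].sec < now - SKEW_SECS)
            rc->e[i] = rc->e[--rc->n];   /* swap-remove */
        else
            i++;
    }
}

/* Accept a (sec, usec) timestamp at most once while it is inside the window.
 * Keyed on the timestamp only; a real cache would also key on the sender. */
enum rc_result rc_check(struct replay_cache *rc, int64_t now,
                        int64_t sec, int32_t usec)
{
    if (sec < now - SKEW_SECS || sec > now + SKEW_SECS)
        return RC_SKEW;
    rc_expire(rc, now);
    for (size_t i = 0; i < rc->n; i++)
        if (rc->e[i].sec == sec && rc->e[i].usec == usec)
            return RC_REPLAY;
    if (rc->n == CACHE_MAX)
        return RC_FULL;
    rc->e[rc->n].sec = sec;
    rc->e[rc->n].usec = usec;
    rc->n++;
    return RC_OK;
}

int main(void)
{
    static struct replay_cache rc;   /* zero-initialised */
    enum rc_result first = rc_check(&rc, 1000, 1000, 5);  /* constructed values */
    enum rc_result again = rc_check(&rc, 1001, 1000, 5);  /* same timestamp again */
    return (first == RC_OK && again == RC_REPLAY) ? 0 : 1;
}
```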