Security impact of removing timestamp check in rd_rep()
hartmans at mit.edu
Mon May 16 05:06:01 GMT 2005
>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:
Andrew> On Sun, 2005-05-15 at 17:04 -0400, Sam Hartman wrote:
>> >>>>> "Luke" == Luke Howard <lukeh at PADL.COM> writes:
Luke> You actually want to check that they are different, to avoid
Luke> replay attacks.
>> But you need to store all the timestamps you have seen in an
>> allowable window.
>> Really, I don't understand why you use a timestamp in a
>> three-leg protocol. It seems like you want to have a challenge
>> in the second leg copied back in the third leg encrypted in a
>> per-session key. However it sounds like DCE did not do this.
Andrew> I think the sequence number is used for this. It appears
Andrew> from the way Microsoft implements their server, that they
Andrew> don't check the timestamps.
OK, if sequence numbers are used, then timestamps probably should not be.
Well, it sort of has to be a DCE style third leg: krb5 does not
normally have a third leg at all.
More information about the samba-technical