samba-technical@lists.samba.org

Re: Security impact of removing timestamp check in rd_rep()

Subject: Re: Security impact of removing timestamp check in rd_rep()
From: Sam Hartman
Date: Mon, 16 May 2005 01:06:01 -0400
>>>>> "Andrew" == Andrew Bartlett <abartlet@xxxxxxxxx> writes:

    Andrew> On Sun, 2005-05-15 at 17:04 -0400, Sam Hartman wrote:
    >> >>>>> "Luke" == Luke Howard <lukeh@xxxxxxxx> writes:
    >> 
    Luke> You actually want to check that they are different, to avoid
    Luke> replay attacks.
    >>  But you need to store all the timestamps you have seen in an
    >> allowable window.
    >> 
    >> Really, I don't understand why you use a timestamp in a
    >> three-leg protocol.  It seems like you want to have a challenge
    >> in the second leg copied back in the third leg encrypted in a
    >> per-session key.  However it sounds like DCE did not do this.

    Andrew> I think the sequence number is used for this.  It appears
    Andrew> from the way Microsoft implements their server, that they
    Andrew> don't check the timestamps.

OK, if sequence numbers are used, then timestamps probably should not be.

Well, it sort of has to be a DCE style third leg: krb5 does not
normally have a third leg at all.
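
The two replay defences compared in this thread, as an added sketch that is not part of the original messages and is not Samba, Heimdal or MIT krb5 code: a timestamp cache that has to remember every value seen inside the allowable window, next to a second-leg challenge echoed in the third leg. The class and function names, the 300-second window, and the use of HMAC-SHA256 as a stand-in for encryption under the per-session key are all assumptions.

```python
import hashlib
import hmac
import os

SKEW = 300  # allowable clock-skew window in seconds (assumed value)


class TimestampReplayCache:
    """Accept each (client, timestamp) once and remember it while it is in the window."""

    def __init__(self, skew=SKEW):
        self.skew = skew
        self.seen = set()  # every (client, timestamp) accepted inside the window

    def check(self, client, ts, now):
        # Entries whose timestamp has left the window can be dropped:
        # a replay of them fails the skew test below anyway.
        self.seen = {k for k in self.seen if abs(now - k[1]) <= self.skew}
        if abs(now - ts) > self.skew:
            return "stale"
        if (client, ts) in self.seen:
            return "replay"
        self.seen.add((client, ts))
        return "ok"


def client_proof(session_key, challenge):
    # Stand-in for "challenge encrypted in the per-session key".
    return hmac.new(session_key, challenge, hashlib.sha256).digest()


class ChallengeResponder:
    """Server side of legs two and three: issue a fresh challenge, verify its echo."""

    def __init__(self, session_key):
        self.key = session_key
        self.pending = None  # only state needed: the one outstanding challenge

    def leg2(self):
        self.pending = os.urandom(16)
        return self.pending

    def leg3(self, proof):
        if self.pending is None:
            return False
        expected = client_proof(self.key, self.pending)
        self.pending = None  # one-shot, so a captured third leg cannot be reused
        return hmac.compare_digest(expected, proof)
```

The cache grows with the number of authentications per window, while the challenge variant keeps one value per connection and does not depend on synchronized clocks.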
