Re: krb5 / Lenny status
On Fri, May 16, 2008 at 07:44:48AM -0700, Russ Allbery wrote:
> > * All of the random session key generation inside the PKINIT plugin is
> > done using the regular MIT Kerberos random key functions, *not* the
> > OpenSSL random number generator, and hence sessions created via PKINIT
> > are not subject to this vulnerability.
>
> It looks like this may not be the case. Upstream thought my statement
> above was correct, but I just got a correction from someone else who
> believes that the DH session key is used for the Kerberos session key,
> which means that PKINIT sessions would be subject to a brute force attack
> on the weak session key. I'm not sure exactly what the implications of
> that would be, since the PKINIT session key would not normally have been
> used directly to encrypt regular network traffic for, say, GSSAPI. I'm
> trying to get further clarification from upstream.
Ok, let's wait to change this until upstream confirms, ok?
Cheers,
Moritz
Reply to: