
Re: krb5 / Lenny status



On Fri, May 16, 2008 at 07:44:48AM -0700, Russ Allbery wrote:
> > * All of the random session key generation inside the PKINIT plugin is
> >   done using the regular MIT Kerberos random key functions, *not* the
> >   OpenSSL random number generator, and hence sessions created via PKINIT
> >   are not subject to this vulnerability.
> 
> It looks like this may not be the case.  Upstream thought my statement
> above was correct, but I just got a correction from someone else who
> believes that the DH session key is used for the Kerberos session key,
> which means that PKINIT sessions would be subject to a brute force attack
> on the weak session key.  I'm not sure exactly what the implications of
> that would be, since the PKINIT session key would not normally have been
> used directly to encrypt regular network traffic for, say, GSSAPI.  I'm
> trying to get further clarification from upstream.

Ok, let's wait to change this until upstream confirms, ok?

Cheers,
        Moritz

