Kerberos Replay attack - how it is detected in SSPI?
From: Aleksey Studnev (studnev@mobilae.ru)
Date: 12/20/02
- Next message: Chris Gilbert: "Re: Certificate server should or shouldn't"
- Previous message: Jeff Qiu: "RE: Problem with PDC admin account"
- In reply to: terry: "Kerberos Replay attack - how it is detected in SSPI?"
- Next in thread: terry: "Kerberos Replay attack - how it is detected in SSPI?"
- Reply: terry: "Kerberos Replay attack - how it is detected in SSPI?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Aleksey Studnev" <studnev@mobilae.ru>
Date: Fri, 20 Dec 2002 00:19:20 -0800
What exact optional field does MS use? Sequence number?
What happens if this field is missing from the request?
Anyway, this needs to be noted when interoperating SSPI
and other Krb implementations, as it soon makes real
problems.
Tokens issued by SSPI are considered replays by MIT.
Regards,
Aleksey
>-----Original Message-----
>MS uses an optional field in conjunction with the time.
>
>If the standard says optional and you use it, does that
>mean you are breaking the standard? Or is it just using
>the standard to create your system? In short, using the
>options to make a working system. This is what all PKI
>systems do, as well as other things that follow
>the "standard".
>
>MS also uses a field that is for future use as well.
>They made many people upset when they did this, but it is
>in the standard in some shape or form.
>
>There was a lot of talk about this when Win2K Server came
>out.
>
>Please no direct emails.
>
>trt
>
>>-----Original Message-----
>>One question to you, Windows security gurus:
>>how does SSPI detect replay attacks?
>>I have implemented interoperability between MIT Krb5
>>and SSPI and found an issue:
>>
>>When MIT makes the authenticator in the token it makes an artificial
>>randomization of the microseconds field by adding an incremental
>>value. That is because the _ftime() function returns granular
>>time with an 18 ms quantum.
>>
>>On the server side MIT compares only security principals and
>>times, as specified in the Krb standard.
>>
>>SSPI does not do this, so if you request 2 tokens for
>>one service and user they will appear with _identical_
>>times (including the microsecond field).
>>
>>Nevertheless, SSPI does not detect a replay in this case..
>>but MIT does. MIT in this regard works according to the Krb
>>standard and SSPI does not.
>>But still, how does SSPI detect replay? If it uses other
>>authenticator fields it is wrong, because they all are
>>optional. Sequence number is optional as well...
>>any ideas?
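The replay-cache behaviour the thread argues about, as an added illustration that is not part of the original messages and is not MIT krb5 or Microsoft SSPI code. It models a server-side replay cache keyed the way RFC 4120 section 3.2.3 describes (client principal, server principal, ctime, cusec, inside a clock-skew window), a coarse 18 ms clock of the kind the original poster attributes to _ftime(), a client that stamps the raw clock value (the behaviour attributed to SSPI) and a client that bumps the microsecond field when the clock has not moved (the fix attributed to MIT). The 5-minute skew, the principal names and the epoch value are constructed assumptions, not values from the thread.

```python
"""Toy Kerberos AP-REQ replay cache and two authenticator-stamping clients.

Added illustration for this thread; not MIT krb5 or SSPI code.
Principals, times and the 18 ms quantum are constructed sample values.
"""
from dataclasses import dataclass

CLOCK_SKEW_SECS = 300  # assumed acceptor clock-skew window (5 minutes)


@dataclass(frozen=True)
class Authenticator:
    cname: str   # client principal
    sname: str   # service principal the ticket was issued for
    ctime: int   # client time, whole seconds since the epoch
    cusec: int   # microsecond part, 0..999999


class ReplayCache:
    """Acceptor side: an authenticator is accepted once; a second one with the
    same (cname, sname, ctime, cusec) inside the skew window is a replay."""

    def __init__(self, now_fn, skew=CLOCK_SKEW_SECS):
        self.now_fn = now_fn
        self.skew = skew
        self._seen = {}  # (cname, sname, ctime, cusec) -> ctime

    def check(self, auth):
        now = self.now_fn()
        # Entries older than the skew window can be dropped: a token that
        # old fails the skew check before the cache is even consulted.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self.skew}
        if abs(now - auth.ctime) > self.skew:
            return "KRB_AP_ERR_SKEW"
        key = (auth.cname, auth.sname, auth.ctime, auth.cusec)
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"
        self._seen[key] = auth.ctime
        return "OK"


class CoarseClock:
    """Clock that only advances in ~18 ms quanta, so back-to-back reads
    inside one quantum return identical (secs, usec) values."""
    QUANTUM_USEC = 18_000

    def __init__(self, secs, usec=0):
        self.secs, self.usec = secs, usec

    def read(self):
        return self.secs, self.usec

    def tick(self, n=1):
        self.usec += n * self.QUANTUM_USEC
        self.secs += self.usec // 1_000_000
        self.usec %= 1_000_000

    def advance(self, secs):
        self.secs += secs


class RawStampClient:
    """Stamps whatever the coarse clock says (the behaviour the thread
    attributes to SSPI): two tokens in one quantum carry identical times."""

    def __init__(self, cname, clock):
        self.cname, self.clock = cname, clock

    def make_authenticator(self, sname):
        secs, usec = self.clock.read()
        return Authenticator(self.cname, sname, secs, usec)


class UniqueStampClient(RawStampClient):
    """Adds the incremental-microsecond fix the thread attributes to MIT:
    if the clock has not moved since the last authenticator, bump cusec."""

    def __init__(self, cname, clock):
        super().__init__(cname, clock)
        self._last = (-1, -1)

    def make_authenticator(self, sname):
        secs, usec = self.clock.read()
        if (secs, usec) <= self._last:
            secs, usec = self._last
            usec += 1
            if usec == 1_000_000:
                secs, usec = secs + 1, 0
        self._last = (secs, usec)
        return Authenticator(self.cname, sname, secs, usec)


def run_scenarios():
    """Three exchanges; returns the acceptor's verdict for each token."""
    clock = CoarseClock(1_040_370_000)  # constructed epoch value (Dec 2002)
    server_time = lambda: clock.read()[0]
    sname = "host/server.example.com@EXAMPLE.COM"  # constructed principal

    # 1. Unique-stamp client: two tokens inside one clock quantum both pass.
    cache = ReplayCache(server_time)
    unique = UniqueStampClient("alice@EXAMPLE.COM", clock)
    unique_results = [cache.check(unique.make_authenticator(sname)) for _ in range(2)]

    # 2. Raw-stamp client against the same cache logic: second token is a "replay".
    cache = ReplayCache(server_time)
    raw = RawStampClient("alice@EXAMPLE.COM", clock)
    raw_results = [cache.check(raw.make_authenticator(sname)) for _ in range(2)]

    # 3. A captured token resent by an attacker, immediately and after the window.
    cache = ReplayCache(server_time)
    captured = raw.make_authenticator(sname)
    first = cache.check(captured)
    clock.tick()
    replay_now = cache.check(captured)
    clock.advance(CLOCK_SKEW_SECS + 1)
    replay_late = cache.check(captured)

    return {"unique": unique_results, "raw": raw_results,
            "replay": [first, replay_now, replay_late]}


if __name__ == "__main__":
    for name, verdicts in run_scenarios().items():
        print(f"{name:7s} {verdicts}")
```

Scenario 2 is the interoperability failure described in the thread: the cache cannot tell a legitimate second token with identical (ctime, cusec) from a replay of the first, so the client must make the stamp unique if the acceptor keys on time alone. Scenario 3 shows why a time-keyed cache still needs the skew check: once an entry ages out, the stale ctime is what rejects a late replay.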