-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to reliably avoid obsolete crypto? #1150
Comments
The |
I understand there are existing Kerberos realms that have compatibility requirements which can't just be broken.
However, suppose I am:
What can I do to guarantee users and services will not be vulnerable to obsolete crypto such as RC4, or find which ones are? If anything tries to use that, I want to guarantee it fails noisily before exposing, e.g., breakable ciphertexts on the network to an adversary.
I know I can review the literature to find the state of the art, and I can specify options like
kinit -e aes256-cts-hmac-sha1-96
, orktutil add -e aes256-cts-hmac-sha1-96
, &c., but that requires me to keep track of the state of the art and update individual command lines with individual cryptosystem choices, which is a nonstarter. Let's suppose that the Heimdal maintainers have agreed to classify some cryptosystems as 'bad' and some as 'good' (and separately argue which ones are which) -- in some way other than throwing in the towel and creating a totally incompatible krb6.ktadmin
/ktutil
setup, to treat authentication attempts with obsolete crypto as failed authentication? Or, is there an easy way to audit keytabs for entries that are vulnerable to obsolete crypto, and to remove those entries?The text was updated successfully, but these errors were encountered: