git.ipfire.org Git - thirdparty/krb5.git/commit
Don't issue session keys with deprecated enctypes 1283/head
author Greg Hudson <ghudson@mit.edu>
Fri, 16 Dec 2022 23:31:07 +0000 (18:31 -0500)
committer Greg Hudson <ghudson@mit.edu>
Mon, 23 Jan 2023 23:41:42 +0000 (18:41 -0500)
commit 1b57a4d134bbd0e7c52d5885a92eccc815726463
tree b527ac08fdd883e5ea7bc5164476d64afa052a35
parent 2cbd847e0e92bc4e219b65c770ae33f851b22afc
Don't issue session keys with deprecated enctypes

A paper by Tom Tervoort noted that rc4-hmac pre-hashes the input for
its checksum and GSS operations before applying HMAC, and is therefore
potentially vulnerable to hash collision attacks if a protocol
contains a restricted signing oracle.

In light of these potential attacks, begin the functional deprecation
of DES3 and RC4 by disallowing their use as session key enctypes by
default.  Add the variables allow_des3 and allow_rc4 in case
negotiability of these enctypes for session keys needs to be turned
back on, with the expectation that in future releases the enctypes
will be more comprehensively deprecated.

ticket: 9081
doc/admin/conf_files/krb5_conf.rst
doc/admin/enctypes.rst
src/include/k5-int.h
src/kdc/kdc_util.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/init_ctx.c
src/tests/gssapi/t_enctypes.py
src/tests/t_etype_info.py
src/tests/t_sesskeynego.py
src/util/k5test.py
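As an added example that is not part of this commit or of the krb5 project's code: a small Python audit that reads a krb5.conf and flags [libdefaults] settings which keep DES3 or RC4 negotiable for session keys, i.e. the allow_des3/allow_rc4 variables this commit introduces set to true, plus explicit enctype lists that still name those enctypes. The sample configuration and its realm are constructed, and the parser is a deliberately simplified one that skips nested relation blocks.

```python
"""Audit a krb5.conf for settings that re-enable DES3/RC4 session keys."""

# Prefixes of the enctype names and family aliases krb5 uses for DES3 and RC4.
DEPRECATED = ("des3", "rc4", "arcfour")
TRUE_VALUES = {"true", "yes", "on", "1", "t", "y"}   # krb5 boolean spellings
ENCTYPE_LISTS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample configuration (hypothetical realm), not from any real host.
SAMPLE_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_rc4 = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""

def parse_krb5_conf(text):
    """Minimal parser -> {section: {key: value}}; nested {...} relation blocks are skipped."""
    sections, current, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current, depth = line[1:-1].lower(), 0
            sections.setdefault(current, {})
        elif "{" in line or "}" in line:
            depth += line.count("{") - line.count("}")
        elif current is not None and depth == 0 and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[current][key.lower()] = value
    return sections

def audit(text):
    """Return findings for settings that permit deprecated session key enctypes."""
    lib = parse_krb5_conf(text).get("libdefaults", {})
    findings = []
    for var in ("allow_des3", "allow_rc4"):        # the variables the commit adds
        if lib.get(var, "false").lower() in TRUE_VALUES:
            findings.append(f"{var} = {lib[var]} re-enables a deprecated session key enctype")
    for key in ENCTYPE_LISTS:                      # explicit enctype lists still naming DES3/RC4
        for tok in lib.get(key, "").split():
            if not tok.startswith("-") and tok.lstrip("+").lower().startswith(DEPRECATED):
                findings.append(f"{key} lists deprecated enctype {tok}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN:", finding)
```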