Discussion:
RFC 6542 adopted by MIT krb5?
Wang Weijun
2015-10-15 08:00:27 UTC
We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?

src/lib/gssapi/krb5/util_cksum.c has

/* Checksumming the channel bindings always uses plain MD5. */
krb5_error_code
kg_checksum_channel_bindings(context, cb, cksum)

Is that comment still precise? I tried to search for RFC 6542 site:mit.edu and also found nothing.

Thanks
Max


_______________________________________________
krbdev mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
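An added example for readers of this thread (not written by any poster, and not MIT krb5 or Java code): the legacy channel-binding hash that the quoted comment refers to, computed as RFC 4121 section 4.1.1.2 describes it, i.e. plain unkeyed MD5 over the gss_channel_bindings_struct fields with integers in little-endian order. The class and function names, the length-prefixed field layout and the sample application data are assumptions made for this illustration.

```python
import hashlib
import struct
from dataclasses import dataclass

GSS_C_AF_UNSPEC = 0  # address type constant from RFC 2744


@dataclass
class ChannelBindings:
    """Illustrative mirror of gss_channel_bindings_struct (RFC 2744)."""
    initiator_addrtype: int = GSS_C_AF_UNSPEC
    initiator_address: bytes = b""
    acceptor_addrtype: int = GSS_C_AF_UNSPEC
    acceptor_address: bytes = b""
    application_data: bytes = b""


def _le32(n):
    # Integer fields are least-significant-byte first on every platform.
    return struct.pack("<I", n)


def serialize(cb):
    """Fields in declaration order; each buffer is preceded by its length."""
    def buf(b):
        return _le32(len(b)) + b
    return (_le32(cb.initiator_addrtype) + buf(cb.initiator_address)
            + _le32(cb.acceptor_addrtype) + buf(cb.acceptor_address)
            + buf(cb.application_data))


def bnd_field(cb):
    """16-byte Bnd value: all zeros without bindings, else plain MD5."""
    if cb is None:  # stands in for GSS_C_NO_CHANNEL_BINDINGS
        return bytes(16)
    return hashlib.md5(serialize(cb)).digest()


def authenticator_cksum_8003(cb, flags):
    """First 24 bytes of the 0x8003 authenticator checksum: Lgth, Bnd, Flags."""
    return _le32(16) + bnd_field(cb) + _le32(flags)


# Constructed sample: application data as a TLS channel binding would supply it.
SAMPLE = ChannelBindings(application_data=b"tls-unique:" + bytes(12))

if __name__ == "__main__":
    print(bnd_field(SAMPLE).hex())
    print(authenticator_cksum_8003(SAMPLE, 0x02).hex())
```

The Lgth field is fixed at 16, so this layout has no room for a longer digest.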
Greg Hudson
2015-10-15 18:00:45 UTC
Post by Wang Weijun
We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?
To the best of my knowledge, we haven't implemented it yet.
Wang Weijun
2015-10-16 01:52:06 UTC
Post by Greg Hudson
Post by Wang Weijun
We (Java team at Oracle) are going through weak algorithms in all our code and noticed our krb5 GSS-API mech is using MD5 in channel binding. I noticed RFC 6542 already updated it. Does MIT krb5 support it?
To the best of my knowledge, we haven't implemented it yet.
Is there a plan?

The TLS guys in our team are talking about removing SHA-1 and I am asked what we can do on Kerberos. I said we only need for a little while because the SHA-2 related etypes are already in an IETF draft. And then I notice we are still using MD5. :-(

--Max


Benjamin Kaduk
2015-10-16 02:22:45 UTC
Post by Wang Weijun
The TLS guys in our team are talking about removing SHA-1 and I am asked
what we can do on Kerberos. I said we only need for a little while
because the SHA-2 related etypes are already in an IETF draft. And then
I notice we are still using MD5. :-(
It will be more than "a little while" before the SHA-2 enctypes are widely
deployed, I fear. Of course, the SHA-1 ones use HMAC-SHA1, but it is
harder to convince people that HMAC is different than to have an
alternative deployed.

-Ben