We're updating the issue view to help you get more done. 

As a security-conscious Kerberos user, I want session keys to have forward secrecy

Description

Kerberos currently has no forward secrecy properties. For example, an attacker with pervasive monitoring capability who gains access to a user's password can decrypt all past communications made by that user, and can also observe the new password when the user's password is changed. By performing ECDH exchanges during AP-REQ/AP-REP, TGS exchanges, and password changes, Kerberos can mitigate these risks.

SPAKE preauth will provided a certain measure of forward secrecy (with respect to user passwords, but not krbtgt keys) for AS exchanges when it is used.

Status

Assignee

Unassigned

Reporter

Greg Hudson

Labels

None

Components

Priority

Normal