As a security-conscious Kerberos user, I want session keys to have forward secrecy

Description

Kerberos currently has no forward secrecy properties. For example, an attacker with pervasive monitoring capability who gains access to a user's password can decrypt all past communications made by that user, and can also observe the new password when the user's password is changed. By performing ECDH exchanges during AP-REQ/AP-REP, TGS exchanges, and password changes, Kerberos can mitigate these risks.

SPAKE preauth will provided a certain measure of forward secrecy (with respect to user passwords, but not krbtgt keys) for AS exchanges when it is used.

Activity

Show:
Tom Yu
December 8, 2015, 10:20 PM

Downgrade to story until it has children, for easier manipulation in JIRA.

Assignee

Unassigned

Reporter

Greg Hudson

Labels

None

Components

Priority

Normal
Configure