d69246f42b
in libraries, it may damage its predictable sequence |
||
---|---|---|
.. | ||
include | ||
lib | ||
libexec | ||
man | ||
usr.bin | ||
usr.sbin | ||
Copyright.MIT | ||
Copyright.SIPB | ||
Makefile | ||
Makefile.inc | ||
patchlevel.h | ||
README.PATCH |
IMPORTANT! This distribution includes a patch (already applied), that updates Kerberos' key generation. The gist of the patch is to replace calls to des_random_key() with calls to des_new_random_key(). The primary difference is that des_random_key() uses a seeding technique which is predictable and therefore vulnerable. des_new_random_key() uses a feedback mechanism based on the Data Encryption Standard (DES) and is seeded with a secret (and therefore unknown to an attacker) value. This value is the database master key, which is a convenient secret value. This patch uses the new_rnd_key.c key module (which contains the definition and code for des_new_random_key()). It has been part of the standard Version 4 distribution since 1992 (and was recreated for FreeBSD in 1995). This is used in the MIT admin server (the primary error at MIT was not upgrading all of Kerberos to use this newer generator. This patch finishes the job). In addition to the patch for the Kerberos distribution this distribution also contains a program for changing critical system keys (namely the "krbtgt" and "changepw.kerberos" keys). When you originally built your Kerberos database these keys were chosen at random, using the vulnerable version of the kerberos random number generator. Therefore it is possible for an attacker to mount an attack to guess these values. If an attacker can determine the key for the "krbtgt" ticket, they can construct tickets claiming to be any kerberos principal. Similarly if an attacker can obtain the "changepw.kerberos" key, they can change anyone's password. The new "fix_kdb_keys(8)" program, which you run on the KDC server, will change these critical keys to new values using the newer random number generator. IMPORTANT: When you run fix_kdb_keys, all outstanding ticket granting tickets will immediately become invalid. This will be disruptive to your user community. We recommend that you either do this late at night or early in the morning before most users have logged in. Alternatively pre-announce a definitive time when you will run the program and inform your users that they will have to get new tickets at that time (using either "kinit" or simply by logging out and then in again). NOTE: The only client program modified is "ksrvutil" which is used to generate new server keys. All other client/server programs are unaffected. End users do *not* need to obtain new versions of programs that use Kerberos. This is because most random number generation in the Kerberos system is done on the KDC system. After getting these sources, type "make world" at the toplevel of your source tree. This will, among other things, build the fix_kdb_keys program. This is not necessary if you have already got prebuilt binaries with this distribution.