On Thu, Feb 20, 2003 at 12:15:17AM -0800, John Rudd wrote:
> Because the KDC knows the master key, and the master key is what is
> used to _encrypt_the_database_. If you want to access the key database
> directly, YOU have to know the master key pass-phrase too. You cannot
> just look in the database using the appropriate database tools (for
> whatever database engine you're using), because the entries are all
> encrypted. If you (the kerberos administrator) forget the master key
> pass-phrase, you're kinda screwed.
This doesn't change the original point: you are not storing a one-way hash
of your Kerberos secrets, just obscuring them in a way which can be reversed
at the time when you need to use them.
The same method works equally well for a SASL database of plaintext
passwords. i.e. you can encrypt the whole lot with a symmetric cipher. When
you need to authenticate someone, you decrypt the relevant password and run
it through the CRAM algorithm.
This means that either:
(1) the master symmetric key is stored on disk [in which case the whole DB
might as well not be encrypted]; or
(2) the master key is entered at boot-up time [in which case it is held in
RAM and still vulnerable, although someone who unplugs the server while
stealing it will lose this information]; or
(3) you are using a hardware crypto box where the keys (master key and
decrypted CRAM secrets) never go outside.
I did actually ask nCipher a few years ago whether they would consider
implementing common SASL mechanisms in their boxes, for this very reason. At
the time they said there was insufficient demand for this; most of their
customers were more concerned about doing SSL/TLS.
Regards,
Brian.
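To make the distinction in the reply above concrete, here is an added example (not from the list thread or from Courier's own code): a toy master-key cipher over a password store, a CRAM-MD5 check that has to decrypt the password back before it can recompute the HMAC, and, by contrast, a salted one-way hash that suffices only for mechanisms that transmit the password itself. The keystream cipher, master key, salt and challenge values are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for "encrypt the whole DB with a symmetric master key":
# XOR with a keystream derived from the master key and a per-entry nonce.
# It replaces a real cipher so the example runs on the standard library alone;
# the point demonstrated is reversibility, not cipher strength.
def _keystream(master_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(master_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(master_key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ks = _keystream(master_key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(master_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(master_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

# CRAM-MD5 (RFC 2195): the digest part of the client response is
# hex(HMAC-MD5(key=password, msg=challenge)), so the server needs the password.
def cram_md5_response(password: bytes, challenge: bytes) -> str:
    return hmac.new(password, challenge, hashlib.md5).hexdigest()

def verify_cram_md5(store: dict, master_key: bytes, user: str,
                    challenge: bytes, response: str) -> bool:
    # Decrypt the stored secret back to plaintext, then recompute the HMAC.
    password = unseal(master_key, store[user])
    return hmac.compare_digest(cram_md5_response(password, challenge), response)

def recover_plaintext(store: dict, master_key: bytes, user: str) -> bytes:
    # Option (1) in the reply: with the DB and the on-disk master key in hand,
    # every password comes straight back out.
    return unseal(master_key, store[user])

# Contrast: a one-way hash is enough for mechanisms that send the password
# itself (PLAIN/LOGIN over TLS), because the server only compares, never recovers.
def hash_password(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def verify_plain(hashed_store: dict, user: str, password: bytes) -> bool:
    salt, digest = hashed_store[user]
    return hmac.compare_digest(hash_password(password, salt), digest)
```

No function in the hashed store can serve a CRAM-MD5 challenge, which is exactly why the SASL database must keep something reversible for that mechanism.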
_______________________________________________
courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users