Benjamin DELPY edited this page Oct 9, 2016
PKINIT Mustiness

PKINIT Mustiness is the opposite of PKINIT Freshness (https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness). It abuses the way Kerberos authenticates users with a smartcard/token, by generating AS-REQ challenges for future use... without needing access to the user secret at that future time to decrypt the AS-REP.
The classic (password-based) pre-authentication exchange works like this:

1. The client gets its symmetric key (derived from its password or not), usually RC4/AES128/AES256; it can be DES or another type.
2. The client creates a timestamp in a PA-ENC-TS-ENC structure.
3. The client encrypts the PA-ENC-TS-ENC structure into a PA_ENC_TIMESTAMP with its symmetric key.
4. The client sends an AS-REQ with this PA-DATA (it contains the PA_ENC_TIMESTAMP) to the AS, as proof of knowledge of its secret.
5. The AS (the KDC on a domain controller in a Windows world) knows the symmetric key of the user and can decrypt the timestamp.
6. The AS encrypts the secret part of the TGT (EncKDCRepPart) with the client's symmetric key.
7. The client gets the TGT session key by decrypting the secret part of the TGT with its symmetric key.
8. The client uses the TGT ticket.

Here, the client needs to use its secret symmetric key twice: at steps 3 and 7.
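The eight steps above, modelled end to end as an added example (not code from mimikatz or from the page): it shows the two places the client key is used (steps 3 and 7) and the KDC-side clock-skew check at step 5, which is the only freshness control in this exchange. The key derivation and the cipher are constructed stand-ins (PBKDF2 and a SHA-256 keystream with an HMAC tag), not the real RC4/AES string-to-key and etypes; the realm, salt and 5-minute skew value are assumptions.

```python
import hashlib, hmac, os, struct

SKEW = 300  # assumed KDC clock-skew tolerance in seconds (the common 5-minute default)
KU_PA_ENC_TS, KU_AS_REP = 1, 3  # Kerberos key-usage numbers for steps 3 and 6

def derive_key(password: str, salt: str) -> bytes:
    """Step 1: client symmetric key from its password. Toy PBKDF2 stand-in
    for the real string-to-key of the RC4/AES128/AES256/DES etypes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096, 32)

def _keystream(key: bytes, nonce: bytes, usage: int, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + bytes([usage, i])).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, usage: int, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC, bound to a key-usage number like a real etype."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, usage, len(plaintext))))
    tag = hmac.new(key, bytes([usage]) + nonce + ct, "sha256").digest()
    return nonce + ct + tag

def decrypt(key: bytes, usage: int, blob: bytes) -> bytes:
    """Inverse of encrypt(); raises ValueError on a wrong key or usage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, bytes([usage]) + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed (wrong key or tampered data)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, usage, len(ct))))

def client_as_req(key: bytes, now: int) -> bytes:
    """Steps 2-4: PA-ENC-TS-ENC(timestamp) -> PA_ENC_TIMESTAMP; first use of the key."""
    return encrypt(key, KU_PA_ENC_TS, struct.pack(">I", now))

def kdc_as_rep(key: bytes, pa_enc_timestamp: bytes, now: int) -> bytes:
    """Steps 5-6: the AS decrypts the timestamp, accepts it only within SKEW of its own
    clock, then returns EncKDCRepPart (here just a fresh session key) under the key."""
    (ts,) = struct.unpack(">I", decrypt(key, KU_PA_ENC_TS, pa_enc_timestamp))
    if abs(ts - now) > SKEW:
        raise PermissionError("KDC_ERR_PREAUTH_FAILED: timestamp outside allowed skew")
    return encrypt(key, KU_AS_REP, os.urandom(16))

def client_session_key(key: bytes, as_rep: bytes) -> bytes:
    """Step 7: second use of the client key, recovering the TGT session key."""
    return decrypt(key, KU_AS_REP, as_rep)

def as_exchange(password: str, client_now: int, kdc_now: int) -> bytes:
    """Whole exchange; returns the 16-byte session key the client ends up with (step 8)."""
    key = derive_key(password, "EXAMPLE.LOCALuser")  # assumed realm+principal salt
    return client_session_key(key, kdc_as_rep(key, client_as_req(key, client_now), kdc_now))
```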