Skip to content

pkinitmustiness

Jump to bottom Edit New page
Benjamin DELPY edited this page Oct 9, 2016 · 2 revisions

Description

PKINIT Mustiness is the opposite of PKINIT Freshness (https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness).

It abuses the way Kerberos authenticates users with smartcard/token, by generating AS-REQ challenges for future usages... without needing access to the user secret in this future to decrypt AS-REP.

Technical

Password/Key authentication (the classic one)

  1. The client get its symmetric-key (derived from its password or not), usually RC4/AES128/AES256, can be DES or other
  2. The client create a timestamp in PA-ENC-TS-ENC
  3. The client encrypt the PA-ENC-TS-ENC structure into a PA_ENC_TIMESTAMP, with its symmetric-key
  4. The client send an AS-REQ with this PA-DATA (it contains the PA_ENC_TIMESTAMP) to the AS, as a proof of the knowledge of its secret
  5. The AS (KDC on domain controller in a Windows world) knows the symmetric-key of the user and can decrypt the timestamp
  6. The AS encrypt an the secret part of the TGT (EncKDCRepPart) ticket with the client symmetric-key
  7. The client get the TGT session key by decrypting the secret part of the TGT with its symmetric-key
  8. The client use the TGTticket.

Here, the client need to use its secret symmetric-key two times: 3. & 7.

RSA Keypair authentication

RSA Keypair with Diffie-Hellman authentication

Add a custom footer
Add a custom sidebar
Clone this wiki locally