[ntp:questions] Re: Secure W32Time

malayter at gmail.com malayter at gmail.com
Tue Mar 21 15:29:35 UTC 2006


On 3/21/06, Danny Mayer <mayer at ntp.isc.org> wrote:
> I skimmed through the first reference and was amused to see that it was
> using Kerberos session keys for authentication. However, Kerberos is
> time dependent.... Can you say chicken and egg?

Kerberos is only time dependent to about a 5-minute window as far as
I can recall, and this is only to prevent replay attacks. The Kerberos
session keys are based on shared secrets stored on each machine by
virtue of their being in the same Kerberos realm; these are present
before the Windows Time Service even starts.

So while on the surface it appears that there is a dependency loop in
this process, in practice, so long as the clocks were within 5 minutes
of each other, Kerberos authentication can take place and a session
key can be established between the two machines before Windows Time
even enters into the equation.

As to what happens if the machines are offset by more than 5
minutes... well, I don't know. I would imagine that Kerberos
authentication would fail, but I would hope that unsecured NTP packets
would *not* be used in an attempt to get the machines close enough to
a point where Kerberos authentication can succeed. That would sort of
defeat the whole purpose of using secure timestamps, and leave a
serious window of vulnerability that the Time Service is trying to
prevent.

But knowing Microsoft, I imagine their "backward compatibility at all
costs" mentality does in fact fall back to unsecured (S)NTP when
Kerberos fails. That would be consistent with Windows 2000 SNTP
behavior.
But I really don't want to pull out the packet analyzer to find out
for sure.

--
  RPM
=========================
All problems can be solved by diplomacy, but violence and treachery
are equally effective, and more fun.
     -Anonymous



