为什么 Kerberos 协议(protocol)没有功能 perfect forward secrecy ?
最佳答案
The Kerberos protocol in its basic form does not provide perfect
forward secrecy for communications. If traffic has been recorded by an eavesdropper, then messages encrypted using the KRB_PRIV message, or messages encrypted using application-specific encryption under keys exchanged using Kerberos can be decrypted if the user's,
application server's, or KDC's key is subsequently discovered. This is because the session key used to encrypt such messages, when
transmitted over the network, is encrypted in the key of the
application server. It is also encrypted under the session key from
the user's TGT when it is returned to the user in the KRB_TGS_REP
message. The session key from the TGT is sent to the user in the
KRB_AS_REP message encrypted in the user's secret key and embedded in
the TGT, which was encrypted in the key of the KDC. Applications
requiring perfect forward secrecy must exchange keys through mechanisms that provide such assurance, but may use Kerberos for authentication of the encrypted channel established through such other means.
基本上完美的前向保密会增加协议(protocol)的额外开销,而这对于许多应用程序来说是不必要的。如果您需要 PFS,那么您可以添加它。对于大多数 Kerberos 用户来说,最重要的是速度。如果您在世界各地有数万名员工同时进行身份验证,那么 PFS 所需的开销将过于昂贵且不切实际。
关于security - 为什么 Kerberos 协议(protocol)不具有完美的前向保密性?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3342485/