Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

A modem is a baudy house.

devel / comp.protocols.kerberos / Re: Protocol benchmarking / auditing inquiry

SubjectAuthor
o Re: Protocol benchmarking / auditing inquiryChristopher D. Clausen

1
Re: Protocol benchmarking / auditing inquiry

<mailman.18.1707937782.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=469&group=comp.protocols.kerberos#469

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: cclau...@acm.org (Christopher D. Clausen)
Newsgroups: comp.protocols.kerberos
Subject: Re: Protocol benchmarking / auditing inquiry
Date: Wed, 14 Feb 2024 13:09:34 -0600
Organization: TNet Consulting
Lines: 30
Message-ID: <mailman.18.1707937782.2322.kerberos@mit.edu>
References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="15436"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
To: Brent Kimberley <Brent.Kimberley@Durham.ca>,
"kerberos@mit.edu" <kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=grouvYKz;
dkim=pass (2048-bit key,
unprotected) header.d=messagingengine.com header.i=@messagingengine.com
header.a=rsa-sha256 header.s=fm3 header.b=a5VbFq17
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=YkH7sbYC0uoi0PmtFpNYOX8Syp2HH8EtfPaXWLem7XC/wH//gZw3/P7SQNWHM/579tdKW+7BlPKIXnZqeeS5DvxL5dwXH/544fnu9hPbbEdVc7QWxWe//latNz6OYK3vVa+aCFi607SJmielhm5mbRILM9MBFveHLBkwIMvGs7jGgDPBYLJIa5QIReYZkkOC8Wiszr8N95je1Ifymi36pMNBN20qaLBhZX701puiuj/LTz88Xp1csTbym2TFjlxqo//IFmSknk19QBkga4/5ndtm54jxaC6UPevuYruKutFhA4lnlJepJefiWBPMgDDgCUbkc55PlurzCcFeI+rPfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=;
b=Et5PGlIqStz+EBzsOwOu1V58H46dCpWRh8DHcnhclq5ZHsZWh1px71CGEcb0LdDsDUa4LmM8NDbf74Pomc1pXzxbuet7u4kfPO21TKx7QPFBrSvbYQhubLO3Yuy4yrvhM+3uY3c3DR6PQy1ZAU9AYCJ2F6RKeu9mUzwu15AYQxgnsG0t01mNL28zU76agvDYMn3Nv44kznHq6dlMk+jvTs0wJyHF0kaem7DEGZxn3x8bDUeEpSL99CJETmEdo6h1LRg1srG9e3MNJbDtna3FmeedLDQegYvEui5uxY4NGd4vFLRWTmFTBkQFUNY9Xh9WxsNfOih7tycvkBgVOz/Xbw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 64.147.123.22) smtp.rcpttodomain=mit.edu smtp.mailfrom=acm.org; dmarc=fail
(p=none sp=none pct=100) action=none header.from=acm.org; dkim=pass
(signature was verified) header.d=messagingengine.com; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=;
b=grouvYKzrbEvJIK0wlwtltuOG1QakWDXoN2/WARkIMQXll9eWgokRMa0IuYlfZYKiowrudqvLxyKIZ+nCNJErto7oKujoGLII7YTPJNrnZz8l7A9346Vw0LdmpD5f2+BsO8tGaqaRCgw5C5I1iRKg0xHoEgPTYQcZjmusqhhqwA=
Authentication-Results: spf=softfail (sender IP is 64.147.123.22)
smtp.mailfrom=acm.org; dkim=pass (signature was verified)
header.d=messagingengine.com;dmarc=fail action=none header.from=acm.org;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
acm.org discourages use of 64.147.123.22 as permitted sender)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-transfer-encoding:content-type
:content-type:date:date:feedback-id:feedback-id:from:from
:in-reply-to:in-reply-to:message-id:mime-version:references
:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy
:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1707937776; x=
1708024176; bh=l4JL/TZtbBFkeLtMVSmJbnEXi8XJrNb3Bid4h6q6ym0=; b=a
5VbFq17XXNp+APEx9HG8Dtb4s9wyvzYXck1MnAwW2R00/wxkl/9Vj+sHc5uB4E/t
RakdcbQj1issz3N+uzOQI4sNoExROIPvnksPIs+bzyncdBUndhsJ1JQ8U+criPtq
/z88tSi+hUnILWvFS6XcfQH06JRULCUV2FL0Q15Gq87NxPqRRyKmftcU/zk/LzvF
VnGEHniVcPX1vQQ6Tz+YCBVybpv/EYSq33oH/pl44S79gjcj6gjixmGx8qAVYt/N
P/eRJholwByO1i8/A3OlK0ya/3eJZZifLVLLdY47Ec1Oh9h0P2KZO+4lnvLkX+Jy
WoMIf3yhq558CT/sEzPnw==
X-ME-Sender: <xms:7w_NZVWCFaqtcs-75TOFcxUtm1S1dxLbpftEsh98O8MFkcxGlIyZBQ>
<xme:7w_NZVn4kuIy_lpCCUcFEJMau7Q-YR5GPaY1UJPf6omhatxXE0f9cN9JmYAiKUFrP
i24CliuTTs4jAhK>
X-ME-Received: <xmr:7w_NZRYMIJtYVfei4DaRRBZ76DG3Kv_R11SeP6b263p1KZZKTxoy6PA0a8Yw0TdQ5gSX3g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejgdduvddvucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepkfffgggfuffvfhfhjggtgfesthekredttddvjeenucfhrhhomhepfdevhhhr
ihhsthhophhhvghrucffrdcuvehlrghushgvnhdfuceotggtlhgruhhsvghnsegrtghmrd
horhhgqeenucggtffrrghtthgvrhhnpeduhfetueffhefgtddvffejgeevudegieejvedt
veekjeevvdevtddtgedvteevtdenucffohhmrghinheptghishgvtghurhhithihrdhorh
hgpdhgihhthhhusgdrtghomhdpshhshhdqrghuughithdrtghomhenucevlhhushhtvghr
ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegttghlrghushgvnhesrggtmh
drohhrgh
X-ME-Proxy: <xmx:7w_NZYVVrFTsXYPEqbLn0IpIeDuxQgcWFgHjyWXLPuvfGMXxfNpDtA>
<xmx:7w_NZfmrFUtP5J-Cuu1DLkX0iTHWSdT2gX20-ZFzRbRAXtHigGvIAg>
<xmx:7w_NZVeLLmmJ03Kg2qr_qEOgUe2xA3DylN5v_Lg8oXnA3v_UBOSiRQ>
<xmx:8A_NZYjhxZUVkUcwr2a-ZdtcwJLSsXj1quzNZnljIlCddSNUEg-cXnJZgbw>
Feedback-ID: i42c441e0:Fastmail
Content-Language: en-US
In-Reply-To: <YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN2PEPF000044A2:EE_|CH0PR01MB7050:EE_
X-MS-Office365-Filtering-Correlation-Id: 1ec33061-d62c-4f16-36e7-08dc2d907d1a
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: KbiIKp6JHJw4KULA+SNlr5fhU9bchJgDt/L1g62eG/RflzPiI9DtSUgijIG8KCfTn4iDXdZHX+LA2ojwDcCjk62d2kb2kPhnoxtkuI2yOxLD05ycWrmga1HvWk1mI/hqC68Y/VLaxHv35ukTsup+Nu+38fEyaHu8qZiRkAaNMllihCfJL4vXMUll36Ry1FQRY40ir0EtyRuSNnoWpGCULbqBhJc5F0OghWQNz7jd1FMtbBdqO69oIS2Ab6ID/KpFzMg77+yPx6sSnz0913JdLoTN7VDAp6W8mnG2zDoI4my2jrBR1m3J4/LFR0V59KvDn6ujgPxOWLVy6IwcMcDpAoGl98Ls5vimvEdOvtSmnSma9948p69Ew9gOxcv6lanbfpSlkrxYyPkoOIYC4xvwkQXkIEl2VhzC/aP02VAPprCqp0TL8BmhcVMvKsnEav4VIUmIHV+KHMRp0VXiBnG+gKKgDNfSmjpzJGEYQr9Qb3o68ylGlaLRgP8cJdn8IZQx4N8pmBC2xW6bQbcWo/MOfWQ07A6eo3Mb4985zfhUy7DfbLLi7suPcZgKH0quywEcGdtEFxgGMKOku4/L0G5lg63Dvf6c2iKgGligNsLw3QbJdBxsP795jJ0+0blooYpdsFQy/vS2Isyv2aRkOaGIKeDDYXc/oVNVfNJmprT/toyFRhUUm6cO1+kuPMhH9Y+t
X-Forefront-Antispam-Report: CIP:64.147.123.22; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:wforward3-smtp.messagingengine.com;
PTR:wforward3-smtp.messagingengine.com; CAT:NONE;
SFS:(13230031)(4636009)(136003)(396003)(346002)(376002)(39860400002)(451199024)(64100799003)(48200799006)(31686004)(498600001)(966005)(8676002)(5660300002)(2906002)(4744005)(7636003)(86362001)(2616005)(42186006)(110136005)(53546011)(3613699003)(786003)(68406010)(70586007)(316002)(83380400001)(6266002)(336012)(31696002)(356005)(6966003)(7596003)(26005)(36756003);
DIR:OUT; SFP:1022;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2024 19:09:37.5303 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1ec33061-d62c-4f16-36e7-08dc2d907d1a
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000044A2.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR01MB7050
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <ba168ba8-161d-47c1-82e2-edf4cba957c7@acm.org>
X-Mailman-Original-References: <YT1PR01MB4187CA8C93DE6AC8560FB1BCFA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
<YT1PR01MB418752C508C40187D7D88BC8FA4E2@YT1PR01MB4187.CANPRD01.PROD.OUTLOOK.COM>
 by: Christopher D. Claus - Wed, 14 Feb 2024 19:09 UTC

I have used this as a guide, but I think MIT Kerberos version 1.10 is
the latest available:
https://www.cisecurity.org/benchmark/mit_kerberos

Not sure if this is what you are looking for or not.

<<CDC

On 2/14/2024 11:46 AM, Brent Kimberley via Kerberos wrote:
> Preferably something smaller and more focused than nmap or OpenSCAP. 😉
>
> From: Brent Kimberley
> Sent: Wednesday, February 14, 2024 12:44 PM
> To: kerberos@mit.edu
> Subject: Protocol benchmarking / auditing inquiry
>
> Hi.
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
>
> For example, SSH:
> Manual
> Read the RFCs and specs.
> Semi-automatic.
> jtesta/ssh-audit: SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (github.com)<https://github.com/jtesta/ssh-audit/>
> Automatic
> SSH Configuration Auditor (ssh-audit.com)<https://www.ssh-audit.com/>
>
>
> TLS example upon request.

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor