[1012] in Kerberos
Re: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Ben Cranston)
Fri Jun 15 12:15:56 1990
Date: Fri, 15 Jun 90 11:11:50 EDT
From: Ben Cranston <ZBEN@UMD2.UMD.EDU>
To: kerberos <kerberos@ATHENA.MIT.EDU>
It occurs to me that the tgt could initially return something that is
encrypted and cannot be "validated" even if the correct password be guessed.
The client would be forced to do one more interaction with the tgt server,
a sort of "ok, this is something you gave me decrypted with the user's
password -- does it make sense to you?".

The advantage of this is that a dictionary approach would have to do one
of these additional interactions for every try, and the tgt could arrange
to notify human security personnel if the number of "bad password" replies
exceeds a certain number within a predetermined time interval.

The disadvantage is requiring one more packet interchange per login, and
the fact that it does NOT address the aforementioned tgt-spoofing attack.
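A toy model of the two-round exchange proposed above, added here as an illustration and not code from the thread or from Kerberos: the string-to-key function, keystream, salt, alarm threshold and window are all constructed, and it assumes the client's confirmation reply travels where a password guesser cannot observe it (otherwise the reply itself would serve as an offline check).

```python
import hashlib, hmac, os, time
from collections import defaultdict, deque

def user_key(password: str, salt: bytes) -> bytes:
    """Constructed string-to-key function (not the real Kerberos one)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)

def keystream(key: bytes, iv: bytes) -> bytes:
    """Toy keystream: 32 bytes derived from the user's key and a fresh IV."""
    return hashlib.sha256(key + iv).digest()

class TgtServer:
    """Toy 'tgt server'. The initial reply is uniformly random under the user's
    key, so a guessed password cannot be checked against it offline; the client
    must send its decryption back, and repeated mismatches raise an alarm."""

    def __init__(self, passwords, threshold=3, window=60.0, now=time.monotonic):
        self.salt = b"constructed-salt"
        self.keys = {u: user_key(p, self.salt) for u, p in passwords.items()}
        self.pending = {}                   # user -> nonce we expect back
        self.failures = defaultdict(deque)  # user -> times of bad replies
        self.threshold, self.window, self.now = threshold, window, now
        self.alerts = []                    # (user, failures within window)

    def initial_request(self, user):
        nonce, iv = os.urandom(32), os.urandom(16)
        self.pending[user] = nonce
        blob = bytes(a ^ b for a, b in zip(nonce, keystream(self.keys[user], iv)))
        return iv, blob

    def confirm(self, user, decrypted):
        ok = hmac.compare_digest(self.pending.pop(user, b"\0" * 32), decrypted)
        if not ok:
            t = self.now()
            q = self.failures[user]
            q.append(t)
            while q[0] < t - self.window:   # forget failures outside the window
                q.popleft()
            if len(q) >= self.threshold:
                self.alerts.append((user, len(q)))
        return ok

def client_decrypt(password, salt, iv, blob):
    """All the client can do alone: the result looks random either way."""
    return bytes(a ^ b for a, b in zip(blob, keystream(user_key(password, salt), iv)))
```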