[1030] in Kerberos
Re: Trivial passwords
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Mon Jun 18 21:26:04 1990
From: jon@MIT.EDU (Jon A. Rochlis)
To: Steve Lunt <lunt@CTT.BELLCORE.COM>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of Mon, 18 Jun 90 15:59:03 -0400.
Date: Mon, 18 Jun 90 20:06:01 EDT
Perhaps the key changing protocol could be modified so that
the Kerberos server would know what the associated password is, so
that it can do password screening.
The never released admin specifically included the text string
password to allow for this. The newer admin server appears to not do
so (though it's hard to tell anything about the new admin server).
But it doesn't really matter. Even if kadmind just gets the key, it's
trivial for it to compare it to a database of keys derived by running
string to key over your favorite dictionary. (I don't think the
server/user distinction matters much here, so what if you also force
a server (or the person setting up a server) to choose a good password.)
I don't think this point needs more discussion, we need code. Not a
lot of code, just a little for the admin server and a bit for the
clients (so you get an understandable error message). It seems like a
day's worth of hacking. (A bit more for us since the Moira
Registration client is more important than the password changing
client. People almost never change their passwords, so you've got to
get it right from the start.)
-- Jon
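An added illustration (Python, written for this archive page, not code from the post or from Kerberos itself) of the screening described above: kadmind receives only the key, but because the v4 string-to-key transform is deterministic and unsalted, the server can compare the submitted key against keys precomputed from a dictionary and hand the client an understandable error. The `string_to_key` below is a SHA-256 stand-in for the real DES-based routine, and the dictionary is a constructed sample.

```python
import hashlib
from typing import Iterable, Set, Tuple

# Stand-in for Kerberos v4 string_to_key (assumption: any deterministic,
# unsalted derivation shows the point; the real routine folds the
# password into an 8-byte DES key).
def string_to_key(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()[:8]


def build_weak_key_table(dictionary: Iterable[str]) -> Set[bytes]:
    """Precompute keys for every dictionary word plus cheap variants.

    This is the server-side table kadmind would consult.  Because the
    transform is unsalted, one table serves every principal; a salted
    transform (Kerberos v5 salts with the principal name) would require
    a per-principal table instead.
    """
    table: Set[bytes] = set()
    for word in dictionary:
        for base in (word, word.lower(), word.capitalize()):
            table.add(string_to_key(base))
            table.add(string_to_key(base + "1"))
    return table


def screen_new_key(new_key: bytes, weak_keys: Set[bytes]) -> bool:
    """Server side: accept the key only if it is not in the weak-key table."""
    return new_key not in weak_keys


def change_password_request(password: str,
                            weak_keys: Set[bytes]) -> Tuple[bool, str]:
    """Client side: derive the key, submit only the key, report the outcome."""
    key = string_to_key(password)          # the password never leaves the client
    if not screen_new_key(key, weak_keys):
        return (False, "password rejected: it is a dictionary word or a "
                       "trivial variant of one; please choose another")
    return (True, "password accepted")


# Constructed sample dictionary; a real deployment would load a word list.
SAMPLE_DICTIONARY = ["password", "secret", "kerberos", "athena"]
WEAK_KEYS = build_weak_key_table(SAMPLE_DICTIONARY)

if __name__ == "__main__":
    for candidate in ("Kerberos", "athena1", "a long unguessable phrase"):
        print(candidate, "->", change_password_request(candidate, WEAK_KEYS)[1])
```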