[1392] in Kerberos
Re: Verifying passwords without getting new tickets
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Sat May 18 05:05:04 1991
To: Chris Riddick <cjr@simpact.COM>
Cc: kctreima@eos.ncsu.edu, cjr@simpact.COM, kerberos@ATHENA.MIT.EDU
Reply-To: Marc Horowitz <marc@MIT.EDU>
Date: Sat, 18 May 91 04:27:06 EDT
From: Marc Horowitz <marc@ATHENA.MIT.EDU>
>> The password is an integral part of the Kerberos authentication protocol.
>> It is used to decrypt the packet with the TGT returned by the Kerberos
>> server. The protocol is set up to remove the need to send the password over
>> the wire. Not even an encrypted password goes over the wire. Rather, a
>> complete encrypted message is sent. This removes the threat of dictionary
>> attacks against the password itself.
It is true that the password is never sent over the wire. However,
this does not prevent dictionary attacks. I can request from your
kerberos server a TGT for you, and then attack it in the privacy of my
own host in whatever way I want. Once I can decrypt your TGT, I
effectively have your password, except I can't use kinit, since
stringtokey is irreversible. And in this whole process, only one TGT
request will be logged. There have been discussions on this list
about how to prevent this type of attack, but I don't know what was
adopted for krb5, if anything.
Marc
