[1394] in Kerberos
Verifying passwords without getting new tickets
daemon@ATHENA.MIT.EDU (Mark Lillibridge)
Mon May 20 14:56:19 1991
From: Mark Lillibridge <mdl@B.GP.CS.CMU.EDU>
Date: Mon, 20 May 91 13:07:21 EDT
To: marc@MIT.EDU
Cc: cjr@simpact.COM, kctreima@eos.ncsu.edu, cjr@simpact.COM,
In-Reply-To: Marc Horowitz's message of Sat, 18 May 91 04:27:06 EDT <9105180827.AA13470@steve-dallas.MIT.EDU>
> It is true that the password is never sent over the wire. However,
> this does not prevent dictionary attacks. I can request from your
> kerberos server a TGT for you, and then attack it in the privacy of my
> own host in whatever way I want. Once I can decrypt your TGT, I
> effectively have your password, except I can't use kinit, since
> stringtokey is irreversible. And in this whole process, only one TGT
> request will be logged. There have been discussions on this list
> about how to prevent this type of attack, but I don't know what was
> adopted for krb5, if anything.
>
> Marc
It is impossible to protect against this kind of attack without
radically altering kerberos. (i.e., adding random #'s at both ends or
using public-key methods) Note that it is not even necessary to ask for a
TGT for X to do a dictionary attack against X. All you need to do is
eavesdrop on X logging in once.
- Mark Lillibridge
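The attack both messages describe, as an added illustration that is not part of this thread and not Kerberos code: the cipher, the string-to-key function, the realm salt and the JSON message layout below are simplified stand-ins chosen so the example runs with only the Python standard library. What it keeps faithful is the structure that makes the attack work: the KDC's reply is encrypted under a key derived deterministically from the user's password, and its plaintext carries predictable fields (the client name and realm), so anyone holding one such reply, whether obtained by asking the KDC for it or by eavesdropping on the user's own login, can test password guesses locally without ever touching the KDC again. The principal, realm, password and wordlist are constructed sample data.

```python
"""Toy model of an offline dictionary attack on a password-encrypted
KDC reply. Constructed example; all primitives are stand-ins."""
import hashlib
import hmac
import json
import os


def string_to_key(password: str, realm: str) -> bytes:
    # Stand-in for Kerberos string_to_key: deterministic and one-way,
    # so the guess loop below must start from candidate passwords.
    return hashlib.sha256((realm + password).encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (stand-in for the real cipher).
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(8)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:8], blob[8:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def kdc_as_reply(principal: str, realm: str, password: str) -> bytes:
    """KDC side. Without preauthentication the KDC answers any request
    for `principal` with a reply encrypted under that user's key, and
    never learns whether the requester knew the password."""
    enc_part = {
        "cname": principal,
        "crealm": realm,
        "session_key": os.urandom(8).hex(),
        "tgt": "opaque-ticket-encrypted-under-the-kdc-key",
    }
    key = string_to_key(password, realm)
    return encrypt(key, json.dumps(enc_part).encode())


def offline_guess(reply: bytes, principal: str, realm: str, wordlist):
    """Attacker side. Each candidate is tested locally; a guess is
    confirmed when the decrypted bytes parse as a record naming the
    expected principal and realm. No further network traffic is needed,
    so nothing beyond the original reply can show up in KDC logs."""
    for guess in wordlist:
        plaintext = decrypt(string_to_key(guess, realm), reply)
        try:
            fields = json.loads(plaintext.decode())
        except (UnicodeDecodeError, ValueError):
            continue
        if (isinstance(fields, dict)
                and fields.get("cname") == principal
                and fields.get("crealm") == realm):
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample: one captured reply, one small wordlist.
    reply = kdc_as_reply("mdl", "B.GP.CS.CMU.EDU", "sunshine")
    found = offline_guess(reply, "mdl", "B.GP.CS.CMU.EDU",
                          ["password", "kerberos", "sunshine", "athena"])
    print("recovered password:", found)
```

The same `offline_guess` loop works whether `reply` came from a request the attacker made or from a packet captured while the real user logged in, which is the point of the reply above: the KDC cannot distinguish the two, and a password-derived key with a recognisable plaintext is all a guesser needs.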