[24084] in Kerberos
Re: Offline password attacks on AS-REQ
daemon@ATHENA.MIT.EDU (Andreas Hasenack)
Wed Jun 15 16:12:34 2005
Date: Wed, 15 Jun 2005 17:11:40 -0300
From: Andreas Hasenack <ahasenack@terra.com.br>
To: kerberos@mit.edu
Message-ID: <20050615201139.GB8990@conectiva.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <061520051404.19661.42B03562000F3E9B00004CCD2200763704080106D2020E079D0D@comcast.net>
Errors-To: kerberos-bounces@mit.edu
On Wed, Jun 15, 2005 at 02:04:19PM +0000, brian.joh@comcast.net wrote:
> AS-REQ. I saw some discussion about this from a few years ago in the
> archives, but nothing recently. Is there a solution to this issue
> yet? If not, what progress has been made, and what direction is being
If I remember correctly, the advice given back then was:
- use hardware authentication
- use SRP (a patent discussion followed)
- implement a strong password policy
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
