[2848] in Kerberos
Compromise of Master Key
daemon@ATHENA.MIT.EDU (Davies)
Fri Oct 8 17:12:44 1993
From: bbh7rqj@if000353.bell-atl.com (Davies)
To: kerberos@MIT.EDU
Date: Fri, 8 Oct 93 16:49:27 EDT
Reply-To: cdavies@remen.bell-atl.com

I realize that if the master key is compromised and the database is
obtained, the security of the whole system is compromised.

I was wondering, however, exactly WHAT is compromised (i.e., users'
actual passwords obtained?, etc.) and exactly HOW it is compromised.

Perhaps we can answer these questions under two different assumptions:

1) That the hacker HAS root
2) That he DOES NOT have root (perhaps poor permissions have
   given away the master key).

Any comments would be appreciated.

Thanks,
Chris.
--
*******************************************************************************
Chris Davies e-mail: Christopher.I.Davies@bell-atl.com
Bell Atlantic Voice: (301) 989-4111
Fax: (301) 989-3945
******************************************************************************