[2879] in Kerberos
Re: A secure login scheme?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Oct 28 22:12:31 1993
Date: Thu, 28 Oct 93 22:00:53 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: "Robert G. Moskowitz" <0003858921@mcimail.com>
Cc: kerberos <kerberos@MIT.EDU>, ietf <ietf@ietf.cnri.reston.va.us>
In-Reply-To: Robert G. Moskowitz's message of Thu, 28 Oct 93 11:49 GMT,
If your goal is to provide a secure login scheme over a possibly
untrusted network, it is not necessary to use a public-key scheme to
achieve these goals.
Note that in your scheme, it is necessary to add intelligence to the
"client" workstation which you are sitting at, so that it can perform an
RSA operations on your behalf; these operations would be used to
authenticate you to the login server back "home" onto which you wish to
login. This client machine must be trusted, since it has its hands on
its your private key.
But if you assume that you have a trusted entity at your end which can
do encryption (either public-key or private-key), you could just as
easily get Kerberos tickets on that client workstation, and login to
your home machine securely, without ever needing your password to
traverse the network.
If your goal is to provide a secure login scheme, Kerberos can do just
as good a job as DASS or some other comparable public-key scheme. If
you have an issue with Kerberos's uses of DES, V5 Kerberos has an
cryptographic algorithm identifier, and you could simply use triple-DES
instead. (This is something I intend to add eventually to Kerberos V5.)
There are two big wins that public-key systems has over private-key
systems. The first is that in the private-key system, compromise of the
KDC is disastrous --- all users would have to manually register new
passwords with the KDC. In contrast, in a public-key system, the KDC
does not even have to be running on a trusted machine (modulo revocation
issues), since the certificates are signed and self-verifiable. The
second big win is that for cross-realm authentication, public-key
systems scale better than private-key systems.
However, neither of these concerns are ones which you really need to
worry if the problem which you're trying to solve is "remote login from
the IETF terminal room". Assuming that the workstation in the IETF
terminal room is one that you trust, and has kerberos software on it,
you can kinit on that workstation, and then use those tickets to login
to your home machine --- and it would work just as well as public-key
scheme. You can even securely forward your Kerberos authentication over
to your home system without needing to type your password again
correctly.
(Using Derek Atkin's Bachelor's thesis, it is even possible to do this
if all you have is a laptop and an (untrusted) dialup/telnet connection
to your remote system.)
I will also be at the IETF meeting, and I will be glad to spend some
time talking to you about this.
- Ted
