[2929] in Kerberos
About principals' secret keys & attacks
daemon@ATHENA.MIT.EDU (Carlos Horowicz)
Fri Dec 17 12:50:43 1993
From: Carlos Horowicz <carlos@athea.ar>
To: kerberos@MIT.EDU
Date: Fri, 17 Dec 1993 14:19:15 -0300 (ARG)
Hello,
I got a bit confused about the storing of secret keys, and the
detection of attacks in krb4. Can anybody help? The questions are:
1. Can the principal's secret key be decrypted in case the master key
is stolen? If the UNIX password crypt algorithm doesn't have a reverse,
is this not a drawback against UNIX passwords? I mean, in UNIX a user
cannot be faked as long as he/she doesn't own an .rhosts file, am I right?
2. If an attacker wants to break a principal's secret key, is there any
way to identify the attack, for example, by exceeding some number of
trials?
Carlos