[2934] in Kerberos
Re: About principals' secret keys & attacks
daemon@ATHENA.MIT.EDU (smb@research.att.com)
Mon Dec 20 18:54:03 1993
From: smb@research.att.com
To: Scott Dawson <sdawson@engin.umich.edu>
Cc: Carlos Horowicz <carlos@athea.ar>, kerberos@MIT.EDU
Date: Mon, 20 Dec 93 18:42:20 EST
> 2. Under krb5, does the attacker have fewer possibilities than here,
> to run a dictionary of possible passwords and maybe hit the password?
Not sure. I'm not familiar with krb5.
It's been a few years since I looked at it, but the ASN.1 notation can
make life even easier for the attacker.
I personally regard this attack -- requesting TGT's for various
individuals -- as the single biggest problem with Kerberos. I believe
that there's an enhancement to V5 -- and I don't recall if it's an
option or part of the basic protocol -- to provide for
preauthentication of the TGT request. That's a very important change.