[2935] in Kerberos


Re: About principals' secret keys & attacks

daemon@ATHENA.MIT.EDU (Jeffrey I. Schiller)
Mon Dec 20 22:51:56 1993

Date: Mon, 20 Dec 93 22:41:02 -0500
From: Jeffrey I. Schiller <jis@MIT.EDU>
To: smb@research.att.com
Cc: sdawson@engin.umich.edu, carlos@athea.ar, kerberos@MIT.EDU
In-Reply-To: <9312202342.AA24873@MIT.EDU> (smb@research.att.com)

Turns out that there is another attack in v4. The problem is that v4
doesn't differentiate between users and services. So for example if I
want to perform a dictionary attack against smb@research.att.com
(assuming research.att.com is your Kerberos realm), then I request a
ticket in my name (or the name of some dupe whose password I already
have) for the "smb.@research.att.com" service.

Because the contents of tickets contain the service name (your name),
I know when I have performed a successful dictionary attack!

			-Jeff
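
Added example (not part of the original message, and not code from MIT or the Kerberos project): Kerberos 5 KDCs such as MIT krb5 can refuse to issue service tickets for a principal through the DISALLOW_SVR attribute, which removes the ticket described above as a password-guessing check for user principals. The script below audits `getprinc`-style output for user principals that lack it; the sample records, the realm name and the heuristic for what counts as a user are assumptions.

```python
import re

# Constructed sample in the layout of MIT krb5 `kadmin -q "getprinc NAME"`
# output, trimmed to the fields used here. Names and realm are made up.
SAMPLE = """\
Principal: alice@EXAMPLE.TEST
Attributes: REQUIRES_PRE_AUTH DISALLOW_SVR

Principal: bob@EXAMPLE.TEST
Attributes: REQUIRES_PRE_AUTH

Principal: host/www.example.test@EXAMPLE.TEST
Attributes:

Principal: carol/admin@EXAMPLE.TEST
Attributes:
"""

# Assumption: people are principals with no instance or a human-role instance;
# built-in service primaries are never treated as people.
HUMAN_INSTANCES = {"admin", "root"}
SERVICE_PRIMARIES = {"kadmin", "krbtgt", "kiprop"}

def parse_principals(text):
    """Return {principal: set(attributes)} from concatenated getprinc records."""
    result, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(Principal|Attributes):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Principal":
            current = value.strip()
            result[current] = set()
        elif current is not None:
            result[current] = set(value.split())
    return result

def is_user(principal):
    primary, _, instance = principal.rsplit("@", 1)[0].partition("/")
    if primary in SERVICE_PRIMARIES:
        return False
    return instance == "" or instance in HUMAN_INSTANCES

def users_usable_as_service(text):
    """User principals for which the KDC would still issue service tickets."""
    return sorted(p for p, attrs in parse_principals(text).items()
                  if is_user(p) and "DISALLOW_SVR" not in attrs)

if __name__ == "__main__":
    for p in users_usable_as_service(SAMPLE):
        print(f'kadmin -q "modprinc -allow_svr {p}"')
```

Each principal it reports still has a password-derived key under which the KDC will encrypt a service ticket for any authenticated client; `modprinc -allow_svr` sets DISALLOW_SVR on it.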
