[3193] in Kerberos
Re: Is there Kerberos for VMS? (fwd)
daemon@ATHENA.MIT.EDU (Ganesan)
Thu Apr 28 15:03:31 1994
From: bf4grjc@socrates.MIT.EDU (Ganesan)
To: kerberos@MIT.EDU
Date: Thu, 28 Apr 1994 14:33:55 -0500 (EDT)
Reply-To: Ravi.Ganesan@bell-atl.com
Forwarded message:
From bf4grjc Thu Apr 28 14:33:30 1994
Subject: Re: Is there Kerberos for VMS?
To: p.lister@cranfield.ac.uk
Date: Thu, 28 Apr 1994 14:33:30 -0500 (EDT)
In-Reply-To: <2pllmt$iea@xdm001.ccc.cranfield.ac.uk> from "Peter Lister" at Apr 27, 94 12:27:09 pm
Reply-To:Ravi.Ganesan@Bell-Atl.Com
X-Mailer: ELM [version 2.4 PL13]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1115
>
> In article <25APR199423574507@ariel.lerc.nasa.gov>, uugblum@ariel.lerc.nasa.gov (Greg Blumers) writes:
> |> - No intrusion detection system. Incorrect passwords can be entered
> |> forever. With an unlimited number of tries, I don't see why a
> |> Kerberized password can't be cracked.
>
> I don't need repeated logins to test a key, I can take an encrypted ticket and crack it in the privacy of my own host.
>
Which is why you should have some sort of filter for ensuring users
pick good passwords. Chris Davies's and my paper on BApasswd, which
appeared in the 16th National Computer Security Conference, describes
some proactive password checkers and also provides some references to
methods to avoid attacks such as this, for those who are interested.
Ravi
--
*******************************************************************************
Ravi Ganesan e-mail: Ravi.Ganesan@Bell-Atl.Com
Manager, Center of Excellence v-mail: (301) 236-7583
for Electronic Commerce
Bell Atlantic
******************************************************************************
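
Added example, not part of the original message and not the BApasswd method from the cited paper: a minimal proactive password checker that rejects, at password-change time, choices an offline dictionary attack on a ticket would reach quickly. The wordlist, thresholds, function names and sample account fields are constructed assumptions.

```python
import re

# Constructed sample wordlist (assumption); a real checker loads a large dictionary.
WORDLIST = {"password", "kerberos", "athena", "secret", "dragon", "letmein", "welcome"}
# Undo common character substitutions that dictionary-attack tools also try.
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_LENGTH = 8      # assumed policy value
MIN_DISTINCT = 5    # assumed policy value


def candidates(password):
    """Return simplified forms of the password that a dictionary attack also covers."""
    forms = {password.lower()}
    # Drop leading/trailing digits and punctuation ("passw0rd1" -> "passw0rd").
    forms |= {re.sub(r"^[^a-z]+|[^a-z]+$", "", f) for f in forms}
    # Map look-alike characters back to letters ("passw0rd" -> "password").
    forms |= {f.translate(LEET) for f in forms}
    # Reversed spellings are a standard cracking rule as well.
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms


def check_password(password, username="", realname=""):
    """Return a list of rejection reasons; an empty list means the password is accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if len(set(password.lower())) < MIN_DISTINCT:
        reasons.append("too few distinct characters")
    forms = candidates(password)
    if forms & WORDLIST:
        reasons.append("based on a dictionary word")
    # Tokens taken from the account's own fields (login name, full name).
    personal = {t for t in re.split(r"[^a-z]+", f"{username} {realname}".lower())
                if len(t) >= 3}
    if any(p in f for p in personal for f in forms):
        reasons.append("based on account name")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Passw0rd1", "s0rebrek", "JaneDoe1994", "vq7#Lm2!xRtz"):
        print(pw, "->", check_password(pw, "jdoe", "Jane Doe") or "accepted")
```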