[3198] in Kerberos


Is there Kerberos for VMS? (fwd)

daemon@ATHENA.MIT.EDU (James R. Hendrick)
Thu Apr 28 18:21:23 1994

Date: Thu, 28 Apr 1994 18:03:12 -0400
From: hendrick@marlins.ctron.com (James R. Hendrick)
To: Ravi.Ganesan@bell-atl.com
Cc: kerberos@MIT.EDU
In-Reply-To: Ganesan's message of Thu, 28 Apr 1994 14:33:55 -0500 (EDT) <9404281833.AA19272@einstein.bell-atl.com>


stuff deleted

   From: bf4grjc@socrates.MIT.EDU (Ganesan)
   Date: Thu, 28 Apr 1994 14:33:55 -0500 (EDT)
   Reply-To: Ravi.Ganesan@bell-atl.com
   X-Mailer: ELM [version 2.4 PL13]
   Mime-Version: 1.0
   Content-Type: text/plain; charset=US-ASCII
   Content-Transfer-Encoding: 7bit
   Content-Length: 1912      

   > |>   forever.  With an unlimited number of tries, I don't see why a
   > |>   Kerberized password can't be cracked.
   > 
   > I don't need repeated logins to test a key, I can take an encrypted ticket and crack it in the privacy of my own host.
   > 

   Which is why you should have some sort of filter for ensuring users
   pick good passwords.  Chris Davies's and my paper on BApasswd, which
   appeared in the 16th National Computer Security Conference, describes
   some proactive password checkers and also provides some references to
   methods to avoid attacks such as this, for those who are interested.

   Ravi
   -- 

As it happens, the cracklib (found on ftp.cert.org) provides a very nice
set of functionality you can plug right in to any password program.

Just my 2c.

Jim
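
An added sketch of the kind of proactive password check discussed in this thread. It is not part of either message, and it is not cracklib's code or the BApasswd algorithm. The word list, function names and thresholds are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real filter would load a large dictionary.
SAMPLE_WORDS = {"password", "kerberos", "athena", "dragon", "secret", "welcome"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def candidates(password):
    """Yield the normalised forms an offline dictionary attack would also try."""
    base = password.lower()
    # Drop leading and trailing digits and punctuation ("Kerberos94!" -> "kerberos").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", base)
    for form in {base, stripped}:
        for variant in {form, form.translate(LEET)}:
            yield variant
            yield variant[::-1]  # reversed words are a standard guess


def check_password(password, username="", words=SAMPLE_WORDS, min_len=8):
    """Return None if the password is acceptable, otherwise a rejection reason."""
    if len(password) < min_len:
        return "too short"
    if password.isdigit():
        return "digits only"
    if len(set(password)) < 5:
        return "too few distinct characters"
    banned = set(words)
    if username:
        banned.add(username.lower())
    for cand in candidates(password):
        if cand in banned:
            return "based on a dictionary word or the user name"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Kerberos94!", "p@ssw0rd1", "s0rebreK22", "tr1cky-Blue-Horse-42"]:
        print(pw, "->", check_password(pw, username="jdoe") or "accepted")
```

Run at password-change time, a check like this rejects the choices that would fall first when a captured ticket is tested against a dictionary offline.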
