[3214] in Kerberos


Re: Ticket cracking (Re: Is there Kerberos for VMS?)

daemon@ATHENA.MIT.EDU (Glen Zorn)
Fri Apr 29 23:44:56 1994

Date: Fri, 29 Apr 1994 16:53:32 -0700
From: Glen Zorn <glenz@ocsg.com>
To: kerberos@MIT.EDU

>    I thought the design of Kerberos 5 prevents the cracking of an encrypted
>    ticket.  Or at least makes it a lot more difficult.
> 
> One thing that V5 lets you do is require pre-authentication for a
> principal, i.e. the principal must demonstrate knowledge of its
> password/key before it can get an initial ticket.

True, but an offline attack is still possible if an eavesdropper captures the
AS_REQ message, since the preauthentication data is encrypted under the user's
secret key; harder than just requesting a TGT for someone else, but not that
hard.

[stuff deleted]
> With both of these features you
> can then scan the logs for multiple failed pre-auth attempts or modify
> the KDC to keep a count and perform some action (such as locking out
> the principal or page someone) after too many bad pre-auth attempts.
> 

Locking out the principal is a BAD idea.  It opens up a trivial but extremely
effective denial of service attack:
	a) get a list of principals
	b) for each principal in the list, attempt to authenticate n+1 times
	   (where n is the maximum number of failed pre-auth attempts)
Presto!  I've effectively disabled the network.

> 		-- Jon

~gwz


Glen Zorn       Senior Scientist
glenz@OCSG.COM  CyberSafe Corporation

Since I was forced to write it by the alien parasite which attached itself to my
brain stem during my recent visit to an isolated area of Northern Arizona, it 
could hardly be construed that this message would reflect either the opinions
or policies of my employer.
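The offline attack described in the reply above, as an added example that is not part of the original message or of any Kerberos implementation. It models a client putting an encrypted timestamp (PA-ENC-TIMESTAMP) in its AS_REQ and an eavesdropper who, having captured that message, tries password guesses against it without ever talking to the KDC. Everything below is a simplification and an assumption: the "enctype" is a toy HMAC-SHA256 keystream cipher rather than the real Kerberos encryption and integrity operation, string-to-key is PBKDF2-HMAC-SHA256 with a deliberately low iteration count, the pre-auth plaintext is a bare KerberosTime string rather than DER-encoded PA-ENC-TS-ENC, the salt follows the Kerberos convention of realm followed by principal name, and the captured message, password and wordlist are constructed for the example (only the principal and realm are taken from the posting).

```python
import hashlib
import hmac
import os
import re
from datetime import datetime

# Added illustration, not Kerberos code.  The cipher, string-to-key function,
# plaintext layout and sample data are all stand-ins (see lead-in).


def string_to_key(password: str, salt: str) -> bytes:
    """Toy string-to-key: 32-byte key from the password and a Kerberos-style
    salt (realm then principal name).  Real enctypes use their own KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000, 32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy cipher only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


KERBEROS_TIME = re.compile(rb"^\d{14}Z$")


def looks_like_timestamp(plaintext: bytes) -> bool:
    """The pre-auth plaintext is a KerberosTime such as 19940429235456Z.
    That rigid structure is what lets the attacker recognise a correct key
    guess offline: a wrong key yields bytes that never parse as a date."""
    if not KERBEROS_TIME.match(plaintext):
        return False
    try:
        datetime.strptime(plaintext.decode(), "%Y%m%d%H%M%SZ")
        return True
    except ValueError:
        return False


def make_as_req_preauth(password: str, salt: str, when: datetime) -> bytes:
    """Client side: the current time, encrypted under the key derived from
    the user's password, as carried in the AS_REQ pre-auth data."""
    ts = when.strftime("%Y%m%d%H%M%SZ").encode()
    return encrypt(string_to_key(password, salt), ts)


def offline_crack(captured_preauth: bytes, salt: str, wordlist):
    """Eavesdropper side: derive a key per guess and test it against the
    captured blob.  No further KDC traffic is needed, so pre-auth failure
    counters and lockouts never observe these guesses."""
    for guess in wordlist:
        candidate = decrypt(string_to_key(guess, salt), captured_preauth)
        if looks_like_timestamp(candidate):
            return guess
    return None


# Constructed sample capture for glenz@OCSG.COM; the password and the
# wordlist are invented for the example.
SALT = "OCSG.COMglenz"
CAPTURED = make_as_req_preauth("spring1994", SALT, datetime(1994, 4, 29, 23, 44, 56))
WORDLIST = ["password", "kerberos", "athena", "spring1994", "cybersafe"]

if __name__ == "__main__":
    print("recovered password:", offline_crack(CAPTURED, SALT, WORDLIST))
```

The important part is `looks_like_timestamp`: the attacker does not need the KDC to confirm a guess because the plaintext format itself confirms it, which is why moving the guessing offline defeats any per-principal failure counter on the KDC. In a real deployment the recognisable structure comes from the DER encoding and the enctype's integrity check rather than from a regular expression, but the consequence is the same.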

