[4191] in Kerberos
Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Josh Osborne)
Tue Nov 15 10:24:18 1994
From: stripes@uunet.uu.net (Josh Osborne)
To: mellon@ipd.wellsfargo.com (Ted Lemon)
Date: Tue, 15 Nov 1994 08:57:32 -0500 (EST)
Cc: jgs@yurt.merit.edu, kerberos@MIT.EDU
In-Reply-To: <199411141920.LAA24061@rurapenthe.ipd.wellsfargo.com> from "Ted Lemon" at Nov 14, 94 11:20:22 am
[...]
>The only catch is (if I understand it correctly) the problem of skew
>between your s/key password list and the server's. Both you and the
>server have an idea of where on your s/key password list you are. If
>you're both in sync, great. Things get complicated when you're not.
>
>In one case, the server is ahead of you. That is, it thinks that
>you've already used a password on your list that you don't think
>you've used. I'm not sure how standard s/key deals with this
>possibility, but it should be self-correcting. You have to cross
>a password off your list once it's been sent across the net in the
>clear, so every time you get a failed login, you'll try the next
>password. Assuming that you don't cause a lockout to occur, you
>should eventually get to the password that the host thinks you're on.
>
>The other case is that you are ahead of the server. The server can
>normally deal with this easily, since it can figure out what passwords
>are next in your sequence. [...]
This is how S/Key deals with skew:
It tells you the number of iterations of the MD4 function you are to use
when it prompts for your (S/Key) password. It does nothing else. (And
this is good since I normally use S/Key by generating each password on a
secure machine, but if I am not at home, I have a small sheet of S/Keys,
all numbered. Out of my last 100, I used 1 off the paper, 86 from a local
source, and threw away the last 13.)
As long as a Kerb. one-time password scheme can give a sequence number, or
challenge with the prompt, I would feel that it has addressed the skew problem,
and done so successfully.
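The mechanism Josh describes, worked through as an added example (not code from the thread, nor from the S/Key or Kerberos projects): the server stores only the last accepted one-time password and its sequence number, the login prompt carries the next number and the seed, and the client computes exactly that password, so a locally drifted count never matters. The hash here is the MD5 variant with 64-bit folding from RFC 2289 rather than the MD4 of classic S/Key, because MD4 is absent from many current hashlib builds; the class and function names, the sample passphrase and the seed are all constructed for this example.

```python
import hashlib
from dataclasses import dataclass


def _fold64(digest: bytes) -> bytes:
    """Fold a 16-byte MD5 digest to 8 bytes by XORing its two halves."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def otp_hash(x: bytes) -> bytes:
    """One S/Key iteration: hash, then fold to 64 bits."""
    return _fold64(hashlib.md5(x).digest())


def otp_password(passphrase: str, seed: str, n: int) -> bytes:
    """One-time password number n: seed||passphrase hashed once, then n more iterations."""
    x = otp_hash(seed.lower().encode() + passphrase.encode())
    for _ in range(n):
        x = otp_hash(x)
    return x


def paper_list(passphrase: str, seed: str, top: int, how_many: int) -> dict:
    """The numbered sheet: passwords top-1 down to top-how_many, keyed by sequence number."""
    return {n: otp_password(passphrase, seed, n)
            for n in range(top - 1, top - 1 - how_many, -1)}


@dataclass
class SkeyServer:
    seed: str
    seq: int      # sequence number of the last password the server accepted
    last: bytes   # that password; the server never stores the passphrase

    @classmethod
    def enroll(cls, passphrase: str, seed: str, count: int) -> "SkeyServer":
        return cls(seed, count, otp_password(passphrase, seed, count))

    def challenge(self) -> tuple:
        """What the login prompt carries: the iteration count to use, and the seed."""
        return (self.seq - 1, self.seed)

    def verify(self, candidate: bytes) -> bool:
        """Accept iff hashing the candidate once yields the last accepted password."""
        if self.seq <= 1:
            return False                      # list exhausted; user must re-enrol
        if otp_hash(candidate) != self.last:
            return False
        self.last = candidate                 # advance: this password is now used up
        self.seq -= 1
        return True


def demo() -> dict:
    passphrase, seed = "correct horse staple", "mi1234"   # constructed sample values
    server = SkeyServer.enroll(passphrase, seed, 100)
    sheet = paper_list(passphrase, seed, 100, 10)          # numbers 99 .. 90 on paper
    out = {}

    n, _ = server.challenge()
    out["first_prompt"] = n                                 # 99
    out["login_ok"] = server.verify(sheet[n])               # True
    out["replay_rejected"] = server.verify(sheet[n])        # False: already crossed off

    # Client-side skew: the user believes they are at 96 (crossed off too many),
    # but the prompt says 98. Trusting the local count fails; trusting the prompt works.
    n, _ = server.challenge()
    out["prompt_after_one_login"] = n                       # 98
    out["own_count_rejected"] = server.verify(sheet[96])    # False
    out["prompt_count_accepted"] = server.verify(sheet[n])  # True
    out["server_seq"] = server.seq                          # 98
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two properties of the scheme show up directly in the code: a replayed password fails because the server has already moved its stored value forward, and a password with a lower number than the prompt fails because only one hash step is checked, which is why the prompt's count, not the user's own bookkeeping, is the thing to trust.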