[4619] in Kerberos
Re: Brute-force decryption (was: Should I restrict 'kinit' access)
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Feb 14 11:19:44 1995
To: kerberos@MIT.EDU
Date: 14 Feb 1995 16:08:18 GMT
From: jik@cam.ov.com (Jonathan I. Kamens)
In article <MARC.95Feb13175805@dun-dun-noodles.cam.ov.com>, marc@cam.ov.com (Marc Horowitz) writes:
|> You can eliminate passive spoofing attacks, but you need to do
|> Diffie-Hellman in the preauthentication stage, or something similar.
Diffie-Hellman can be used to negotiate a session key in which to encrypt the
initial ticket sent to the user, but even that doesn't *completely* prevent
passive spoofing attacks (by which I assume you mean snooping on the network,
stealing an initial ticket, and then using brute-force methods to decrypt it),
because the attacker can do a brute-force attack on the
Diffie-Hellman-encrypted ticket just as he would have on the ticket encrypted
in the user's password.
Granted, if he succeeds, the ticket he thus obtains is much less useful --
it's only useful for the lifetime of the ticket, and unless he knows how to do
IP address spoofing, it's only useful on the machine for which it was
originally issued (ignoring the fact that some servers don't check IP
addresses in tickets).
--
Jonathan Kamens | OpenVision Technologies, Inc. | jik@cam.ov.com
