| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: warlord@MIT.EDU Date: Thu, 9 Mar 1995 13:07:09 -0500 To: mctajdi@dct.ac.uk Cc: kerberos@MIT.EDU In-Reply-To: "[4769] in Kerberos" > Am I missing some point, or is this just aimed at less competent > attackers who send a request to the KDC pretending to be the other > user, and thus get sent the tickets encrypted in the other user's > login key ? The attack that is protected against is not network sniffing, but someone asking for your principal from the kdc. For example, I can go to the KDC and request the key for rcmd.kerberos@ATHENA.MIT.EDU to get the kerberos server's service key. I can then take that response offline and attempt to crack the DES key, which I can then use to break into the machine. I can be anywhere in the world and use this attack. If it requires pre-authentication, then I have to actually be on the network and sniff the pre-authentication packet in order for this attack to work. The latter is much more difficult to do. The paper addresses only the former attack, which is much easier to accomplish. Does this help? -derek
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |