[558] in Kerberos


[bbrown%crl.DEC@decwrl.dec.com: password length]

daemon@TELECOM.MIT.EDU (John T Kohl)
Mon Dec 19 11:34:44 1988

From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU

[again, edited slightly]

------- Forwarded Message

Date: Sun, 18 Dec 88 18:09:09 PST
From: bbrown%crl.DEC@decwrl.dec.com
To: jtkohl@ATHENA.MIT.EDU
Subject: password length

Hi,
	How do you feel about extending the possible passwd length to 16
bytes?  If a 16 byte password is read, the first eight bytes could be
used as encryption fodder and the last eight could be used as a key.  If
9-15 were read, the passwd could be finished off with the first few
bytes of the password, and encrypted as above.  If only eight bytes were
read, then the old encryption scheme could be used.  This would give you
a simple path to upgrade from an old password scheme to long passwords.
The long passwords would complicate a password guessing attack on the
KKDS response packet for the user's tgt request.  The attacker would
have to guess a 16 byte password, encrypt it with DES and then try to
decode the tgt with the result.
	Why does Kerberos only encrypt a user's password once?  The encryption
of the password seems to be all done on the client, so it shouldn't load down
the server.  This would also slow down a password guessing attack.
 
						Bill

------- End Forwarded Message
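The derivation Bill sketches above, written out as an added example (not code from the message, from Kerberos, or from any MIT release): a password of 9 to 16 bytes is padded to 16 bytes with its own leading bytes, the first eight bytes become the DES plaintext block and the last eight the DES key, and the block is encrypted. Two points are assumptions of this example rather than anything the message specifies: the 8-byte "old scheme" branch is a stand-in that returns the eight bytes unchanged, and the "encrypt more than once" idea is realised by re-encrypting the output under the same key a caller-chosen number of times. Go's standard `crypto/des` package supplies DES.

```go
package main

import (
	"crypto/des"
	"errors"
	"fmt"
)

// padPassword applies the length rule from the message: 8 bytes is the
// legacy case (returned as-is), 9..15 bytes are "finished off" with the
// first few bytes of the password, 16 bytes are used unchanged.
func padPassword(password []byte) ([]byte, error) {
	n := len(password)
	if n < 8 || n > 16 {
		return nil, errors.New("password must be 8 to 16 bytes")
	}
	if n == 8 {
		return append([]byte(nil), password...), nil
	}
	padded := make([]byte, 0, 16)
	padded = append(padded, password...)
	padded = append(padded, password[:16-n]...) // leading bytes fill the gap
	return padded, nil
}

// deriveKey turns a password into an 8-byte DES key.  For 9..16-byte
// passwords the first 8 padded bytes are the plaintext and the last 8 the
// DES key (DES ignores the parity bit of each key byte, so 56 bits are
// effective).  iterations > 1 re-encrypts the result under the same key,
// which is one way to realise the "encrypt more than once" suggestion
// (assumption of this example).  The 8-byte case is a placeholder for the
// existing scheme and simply returns the bytes unchanged.
func deriveKey(password []byte, iterations int) ([]byte, error) {
	if iterations < 1 {
		return nil, errors.New("iterations must be at least 1")
	}
	padded, err := padPassword(password)
	if err != nil {
		return nil, err
	}
	if len(padded) == 8 {
		return padded, nil // legacy path placeholder (assumption)
	}
	block, err := des.NewCipher(padded[8:16])
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	copy(out, padded[:8])
	for i := 0; i < iterations; i++ {
		block.Encrypt(out, out) // in-place: dst and src overlap entirely
	}
	return out, nil
}

func main() {
	// Constructed sample passwords; none are real credentials.
	for _, pw := range []string{"exactly8", "abcdefghi", "0123456789abcdef"} {
		k, err := deriveKey([]byte(pw), 1000)
		if err != nil {
			fmt.Println(pw, "->", err)
			continue
		}
		fmt.Printf("%-18q -> key %x\n", pw, k)
	}
}
```

Whatever the iteration count, the result is still a single 64-bit DES block under a 56-bit key, so the proposal raises the cost of each guess and the size of the password space, not the strength of the resulting key itself; the cost a legitimate client pays per login grows by the same factor as the attacker's cost per guess.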
