[5913] in Kerberos
Re: Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (smb@research.att.com)
Sat Sep 23 11:37:12 1995
From: smb@research.att.com
To: "Kenneth D. Renard" (ACISD) <kdrenard@ARL.MIL>
Cc: gaskell@dstc.edu.au, kerberos@MIT.EDU, adt@ARL.MIL, hpc-kerberos@ARL.MIL
Date: Sat, 23 Sep 95 11:27:54 EDT
The Army Research Lab has been investigating similar
mechanisms. The "latest and greatest" of which involves
public key cryptography and one-time-password (OTP)
generators. We pulled the rsaref library out of PGP and
integrated SecurID cards for this project. Here is a brief
synopsis of the transactions:
There are a number of papers of interest to folks working on this problem:
@inproceedings{Lomas89,
author = {T. Mark A. Lomas and Li Gong and Jerome H. Saltzer and Roger M. Needham},
booktitle = {Proceedings of the Twelfth ACM Symposium on Operating Systems Principles},
month = {December},
organization = {SIGOPS},
pages = {14--18},
title = {Reducing Risks from Poorly Chosen Keys},
year = {1989}
}
@article{Gong93,
author = {Li Gong and Mark A. Lomas and Roger M. Needham and Jerome H. Saltzer},
title = {Protecting Poorly Chosen Secrets from Guessing Attacks},
journal = {{IEEE} Journal on Selected Areas in Communications},
volume = 11,
number = 5,
month = {June},
year = 1993,
pages = {648--656}
}
@inproceedings{kerblimit,
author = "Steven M. Bellovin and Michael Merritt",
booktitle = "USENIX Conference Proceedings",
address = "Dallas, TX",
month = "Winter",
year = "1991",
pages = "253--267",
title = "Limitations of the {Kerberos} Authentication System",
annote = {Available by ftp from ftp.research.att.com in
/dist/internet_security/kerblimit.usenix.ps.},
}
@inproceedings{ekeconf,
author = {Steven M. Bellovin and Michael Merritt},
address = {Oakland, CA},
booktitle = {Proc. IEEE Computer Society Symposium on Research in Security and Privacy},
month = {May},
pages = {72--84},
title = {Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks},
year = {1992},
annote = {Available by anonymous ftp from ftp.research.att.com in
/dist/smb/neke.ps.},
}
@inproceedings{a-eke,
author = {Steven M. Bellovin and Michael Merritt},
address = {Fairfax, VA},
title = {Augmented Encrypted Key Exchange},
year = {1993},
booktitle = {Proceedings of the First ACM Conference on Computer and Communications Security},
month = {November},
pages = {244--250},
annote = {Available by anonymous ftp from ftp.research.att.com in
/dist/smb/aeke.ps.},
}