[592] in Kerberos


Re: password checking

daemon@TELECOM.MIT.EDU (Jennifer Steiner)
Wed Jan 11 10:01:03 1989

To: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Cc: kerberos@ATHENA.MIT.EDU, sms-dev@ATHENA.MIT.EDU
From: Jennifer Steiner <steiner@ATHENA.MIT.EDU>

> The second bogus idea is that sending keys in string-to-key form
> means that you don't have to trust the Kerberos administrator.  While
> it is true that not sending ASCII form passwords means that the
> administrator can't make a list of ASCII passwords, it is still
> possible, given only the key form of the password, for the
> administrator to compile a list of keys and write a version of kinit
> that uses those keys by simply skipping the string-to-key step.  I
> remain unconvinced that sending the ASCII password to Kerberos is a
> significant security exposure.

It wasn't meant to be quite that bogus.  Granted, my current DES
key can be used just as well as my password to impersonate
"steiner@athena.mit.edu".  But knowing the password is more useful
than the DES key.  If a hypothetical evil Athena Kerberos administrator
has access to passwords, she can notice that my password this month
is "JanA1" and next month is "FebB2", and even if she is fired from
her administrator job for unscrupulousness, she may be able to guess
what my March password will be.  This wouldn't be easy if she only
had access to the DES version of my password.

Worse, she may be able to break into my account in the "andrew.mit.edu"
realm, which is not supposed to have to trust other Kerberos
administrators.  I might be using a similar password-generating
algorithm (or even the same password, as Bill points out) in that realm
as in the Athena realm.  If the administrator only had access to
the DES key, and if the string_to_key algorithm is "seeded" with
the realm name or something as proposed, she wouldn't be able
to guess my Andrew password or key, given my Athena key.

Jennifer
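
The realm-seeded string_to_key that the reply argues for, shown as an added illustration that is not code from this thread or from MIT Kerberos: the DES derivation is stood in for by PBKDF2-HMAC-SHA256 (an assumption), and the seed follows the convention Kerberos 5 later adopted of realm name plus principal name. Without the seed the same password gives the same key in the Athena and Andrew realms, so an administrator holding the Athena key also holds the Andrew key; with the seed the two keys differ.

```python
import hashlib
import hmac

ITERATIONS = 1000  # stand-in work factor; real DES string_to_key has none


def unsalted_string_to_key(password: str) -> bytes:
    """Key depends on the password alone, as in the realm-independent scheme
    the reply objects to. 8 bytes mimics a single-DES key length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"", ITERATIONS, dklen=8)


def realm_seeded_string_to_key(password: str, realm: str, principal: str) -> bytes:
    """Key is seeded with realm + principal (the later Kerberos 5 salt
    convention), so the same password yields different keys per realm."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=8)


def key_reusable_across_realms(password: str, principal: str,
                               realm_a: str, realm_b: str, seeded: bool) -> bool:
    """True if a key captured in realm_a is also the user's key in realm_b,
    i.e. a realm_a administrator could impersonate the user in realm_b."""
    if seeded:
        key_a = realm_seeded_string_to_key(password, realm_a, principal)
        key_b = realm_seeded_string_to_key(password, realm_b, principal)
    else:
        key_a = unsalted_string_to_key(password)
        key_b = unsalted_string_to_key(password)
    return hmac.compare_digest(key_a, key_b)


if __name__ == "__main__":
    # Constructed sample: the password and realms named in the message.
    pw, who = "JanA1", "steiner"
    athena, andrew = "ATHENA.MIT.EDU", "ANDREW.MIT.EDU"
    for seeded in (False, True):
        reusable = key_reusable_across_realms(pw, who, athena, andrew, seeded)
        print(f"seeded={seeded}: Athena key also valid at Andrew? {reusable}")
```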
