[6720] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (Steve Lodin)
Wed Feb 21 11:01:16 1996

To: kerberos@MIT.EDU
Date: 21 Feb 1996 10:13:38 -0500
From: swlodin@cs.purdue.edu (Steve Lodin)


In article <312AA5FD.2E1A@dnai.com>, Michael Sierchio <kudzu@dnai.com> writes:
> Steve Lodin wrote:
> > 
> > There is information available on the Kerberos vulnerability incident at:
> 
> I am not sure, but I believe that this is nothing new.  Steve Bellovin at
> AT&T had a paper a number of years ago on weaknesses in the Kerberos
> Authentication Suite.

The Bellovin and Merritt paper described limitations in the Kerberos
authentication protocol, however, they never addressed the random number
generator.

That paper is one of many kerberos papers in the COAST Archive at:

	ftp://coast.cs.purdue.edu/pub/doc/kerberos


Steve
-- 
Steve Lodin 
Purdue - swlodin@cs.purdue.edu http://www.cs.purdue.edu/people/swlodin
Delco Electronics - swlodin@delcoelect.com (317)451-0479 
Home - swlodin@iquest.net http://www.iquest.net/~swlodin/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6720] in Kerberos

Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (Steve Lodin)Wed Feb 21 11:01:16 1996

daemon@ATHENA.MIT.EDU (Steve Lodin)
Wed Feb 21 11:01:16 1996