[936] in Kerberos
Re: Kerberos passwords
daemon@ATHENA.MIT.EDU (smb@ULYSSES.ATT.COM)
Thu May 10 13:26:43 1990
From: smb@ULYSSES.ATT.COM
To: gregh@mailer.jhuapl.edu
Cc: kerberos@ATHENA.MIT.EDU, mischu@allegra.att.com, thf@lancia.att.com
Date: Tue, 08 May 90 22:59:19 EDT
I agree with you completely. Tom Foregger (of Bell Labs) has proposed
a minor mod to the protocol. Let the server pick a random number R,
and transmit it in the clear along with the encrypted packet. Rather
than using Kc to do the encryption, {R}Kc is calculated, and that
quantity is used to encrypt the packet. At the user end, either
a hand-held authenticator can be employed to do the same calculation,
or, in low-threat environments, login (or kinit) could do it, making the
entire change quite transparent to the users.
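The key-derivation step described in the post, worked through as an added example (not code from the post, MIT, or Bell Labs). Assumptions: SHA-256 stands in for the password-to-key step, HMAC-SHA256 stands in for the DES computation of {R}Kc, and an HMAC-keyed keystream stands in for DES encryption of the packet; the packet contents and password are constructed sample values.

```python
import hmac
import hashlib
import os
from typing import Optional

# Illustration of the proposed modification: the server picks a random R, sends
# it in the clear, and encrypts the reply under {R}Kc rather than under Kc.
# Stand-ins (assumption): HMAC-SHA256 replaces DES throughout.

def string_to_key(password: str) -> bytes:
    """Kc: the user's key, derived from the password (stand-in for string-to-key)."""
    return hashlib.sha256(password.encode()).digest()

def exchange_key(kc: bytes, r: bytes) -> bytes:
    """{R}Kc: R encrypted under Kc; this value, not Kc, keys the reply packet."""
    return hmac.new(kc, r, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Keyed keystream cipher (stand-in for DES); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def server_reply(kc: bytes, packet: bytes, r: Optional[bytes] = None):
    """Server side: choose R (random unless supplied), return R in the clear
    alongside the packet encrypted under {R}Kc."""
    r = r if r is not None else os.urandom(16)
    return r, xor_stream(exchange_key(kc, r), packet)

def client_decrypt(password: str, r: bytes, ciphertext: bytes) -> bytes:
    """User side (login/kinit, or a hand-held authenticator doing the same
    calculation): rebuild Kc from the password, recompute {R}Kc, decrypt."""
    return xor_stream(exchange_key(string_to_key(password), r), ciphertext)

if __name__ == "__main__":
    kc = string_to_key("constructed-sample-password")
    r, ct = server_reply(kc, b"ticket-granting ticket + session key")
    print(client_decrypt("constructed-sample-password", r, ct))
```

Note that Kc itself never leaves either end; only R and the packet encrypted under {R}Kc travel on the wire.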