[938] in Kerberos
Kerberos passwords
daemon@ATHENA.MIT.EDU (Greg Hollingsworth)
Thu May 10 13:26:58 1990
Date: 9 May 90 00:57:00 GMT
From: uwm.edu!ogicse!dali!uakari.primate.wisc.edu!aplcen!gregh@RUTGERS.EDU (Greg Hollingsworth)
To: kerberos@ATHENA.MIT.EDU
It seems that one of the few faults of kerberos is that it ultimately
relies on a password. This password is typically constant for some
relatively long period of time. Such a password can be obtained and
used by others. Passwords like this are difficult to control: users
can pass them out, or trojan horses can harvest them.
Several companies have produced products which generate pseudo-random
password cards that are combined with a fixed PIN (Personal
Identification Number) to create a password for access to systems.
The pseudo-random part of the number typically changes every minute or
so. This type of system eliminates many of the problems of password
control.
Have the designers of kerberos or anyone else considered incorporating
such a password scheme into the kerberos system? Instead of issuing a
standard password to kinit, one would issue a PIN and a pseudo-random
number instead. Such a system would remove the problem of 'constant
insecure' passwords.
Greg Hollingsworth (gregh@mailer.jhuapl.edu)
Johns Hopkins University Applied Physics Laboratory
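The post describes the card's value as a pseudo-random number that changes about once a minute and is typed together with a fixed PIN. The following is an added illustration of how a server would verify such a PIN-plus-token passcode; it is not code from the post or from Kerberos, and it assumes an HMAC-based one-time code (the HOTP/TOTP construction of RFC 4226 and RFC 6238, which the 1990 post does not specify) as the pseudo-random generator. The shared secret, the PIN and the clock value are constructed sample data. It also shows the two checks a verifier needs that the post leaves implicit: a small clock-skew window, and single-use enforcement so a harvested passcode cannot be replayed inside that window.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the card value changes "every minute or so"
DIGITS = 6          # length of the pseudo-random part


def token_code(secret: bytes, counter: int) -> str:
    """HOTP-style code (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def time_counter(now: float) -> int:
    """Map wall-clock seconds to the current one-minute time step (RFC 6238 style)."""
    return int(now // STEP_SECONDS)


class TokenVerifier:
    """Server-side verifier for passcodes of the form PIN + time-based code."""

    def __init__(self, secret: bytes, pin: str, skew_steps: int = 1):
        self.secret = secret          # shared secret provisioned into the card (constructed here)
        self.pin = pin                # fixed PIN known to the user
        self.skew_steps = skew_steps  # how many steps of clock drift to tolerate
        self.last_counter = -1        # highest step already used; blocks replay

    def verify(self, passcode: str, now: float) -> bool:
        if len(passcode) != len(self.pin) + DIGITS:
            return False
        pin_part, code_part = passcode[:len(self.pin)], passcode[len(self.pin):]
        # Constant-time comparison so the PIN check does not leak by timing.
        pin_ok = hmac.compare_digest(pin_part, self.pin)
        current = time_counter(now)
        for step in range(current - self.skew_steps, current + self.skew_steps + 1):
            if step <= self.last_counter:
                continue  # this step (or an older one) was already consumed
            if hmac.compare_digest(token_code(self.secret, step), code_part) and pin_ok:
                self.last_counter = step  # consume the step: the same passcode will not work twice
                return True
        return False


if __name__ == "__main__":
    # Constructed demo values, not real credentials.
    secret = b"constructed-shared-secret"
    verifier = TokenVerifier(secret, pin="1234")
    now = 1_000_000.0
    passcode = "1234" + token_code(secret, time_counter(now))
    print("first use accepted:", verifier.verify(passcode, now))
    print("replay accepted:   ", verifier.verify(passcode, now))
```

The PIN alone never reaches the wire, and the card's code alone is useless without it; an attacker who captures one full passcode gains at most the rest of the current step, and only if the legitimate user has not already consumed it. Widening `skew_steps` buys tolerance for drifting card clocks at the cost of a longer replay window, which is why the verifier records the last accepted step rather than relying on time alone.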