[992] in Kerberos

Re: Why is initial user authentication done the way it is?

daemon@ATHENA.MIT.EDU (Bill Doster)
Thu Jun 14 15:24:05 1990

Date: Thu, 14 Jun 90 14:12:20 -0400
From: Bill Doster <billdo@ifs.umich.edu>
To: Mark Lillibridge <mdl@B.GP.CS.CMU.EDU>
Cc: billdo@ifs.umich.edu, kerberos@ATHENA.MIT.EDU

> 	The short answer: Because this scenario is also vulnerable to a
> dictionary attack.  Suppose I wanted to break your password under the
> new scheme.  I just wait until you log in, recording your data request
> in part 1.  I now pretend to be Kerberos, and try and decrypt your
> initial request with each possible key until I succeed.  Once I have a
> key that successfully decodes your request, I have found your key.

While it's true that this scenario is also vulnerable to a dictionary
attack, it reduces the possibility of attack from

	Anyone anywhere that speaks IP can at anytime attack any
	account at any installation that uses Kerberos.

to

	Anyone able to listen on the involved subnets must first
	wait for the targeted individual to sign on and then
	record that user's request.

While in absolute terms these may be equivalent, in terms of potential
likelihood, I think the number of probable attacks has been greatly
reduced.  There may be even better solutions to these types of problems
and I'm not particularly attached to any one solution so long as it
gets implemented.  My question then is what is the current solution
that Kerberos 5 *is* going to use?

Bill Doster
Univ. of Mich. -- Research Systems
billdo@ifs.umich.edu
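The attack the quoted reply describes, as an added worked example that is not part of the original message or of any Kerberos implementation: a client encrypts a timestamp under a key derived from its password, an eavesdropper records that one request, and then tries candidate passwords offline until one decrypts the capture to something well-formed. The string-to-key function (PBKDF2) and the HMAC-SHA256 keystream cipher are constructed stand-ins, not the DES-based algorithms Kerberos 4 or 5 actually use; the realm name, wordlist and nonce are made up for the demonstration.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for Kerberos' string_to_key and DES encryption.
# The dictionary attack only needs the attacker to be able to run the
# same two functions the client runs, which any public protocol allows.


def string_to_key(password: str, realm: str = "EXAMPLE.EDU") -> bytes:
    """Hypothetical string-to-key: password salted with the realm -> 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), realm.encode(), 1000)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a toy stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


# A Kerberos-style GeneralizedTime, e.g. b"19900614141220Z"; this is what
# lets the attacker recognise a correct guess without asking the KDC.
TIMESTAMP_RE = re.compile(rb"^\d{14}Z$")


def client_initial_request(password: str, nonce: bytes, timestamp: bytes) -> bytes:
    """'Part 1' of the proposed scheme: the client's timestamp encrypted under
    its password-derived key.  The nonce travels in the clear alongside it."""
    return encrypt(string_to_key(password), nonce, timestamp)


def looks_like_timestamp(plaintext: bytes) -> bool:
    return TIMESTAMP_RE.match(plaintext) is not None


def dictionary_attack(captured_request: bytes, nonce: bytes, wordlist):
    """Offline guessing against one recorded request: derive a key from each
    candidate, decrypt, and stop when the result is a well-formed timestamp.
    Returns (password, plaintext) on success, (None, None) if the wordlist
    is exhausted.  No traffic to Kerberos is needed after the capture."""
    for guess in wordlist:
        candidate = decrypt(string_to_key(guess), nonce, captured_request)
        if looks_like_timestamp(candidate):
            return guess, candidate
    return None, None


if __name__ == "__main__":
    # Constructed sample: one sign-on recorded by someone on the same subnet.
    nonce = b"constructed-nonce"
    sniffed = client_initial_request("hunter2", nonce, b"19900614141220Z")
    wordlist = ["password", "kerberos", "athena", "hunter2", "letmein"]
    print(dictionary_attack(sniffed, nonce, wordlist))
```

The recognisability check is the whole point: because the plaintext has structure, a wrong key is rejected without any help from the server, so the capture alone is enough to run the attack. What the capture-based scheme buys, as the reply argues, is only that the attacker must be on a path that sees the targeted user's sign-on.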
