[15689] in Kerberos_V5_Development
Kerberos question
daemon@ATHENA.MIT.EDU (Blaz Primc)
Wed Apr 21 16:50:15 2010
Message-ID: <4BC9FFA1.1090203@gmail.com>
Date: Sat, 17 Apr 2010 20:36:17 +0200
From: Blaz Primc <expertmeant@gmail.com>
MIME-Version: 1.0
To: krbdev@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi,
reading http://www.bsdlover.cn/?uid-129-action-viewspace-itemid-855 got me thinking. In the article the author states:
*One part contains the random key along with the service's name, encrypted with the user's long-term key; the other part contains that same random key along with the user's name, encrypted with the service's long-term key.*
Couldn't an attacker do a known-plain-text attack on the second part of the message, because he knows what the "random key" is and by doing that acquire the service's long term key...?
I may be missing something, because the description is general, but how does Kerberos handle that?
Best regards, Blaž_______________________________________________krbdev mailing list krbdev@mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev