[15710] in Kerberos_V5_Development
Re: Kerberos question
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Sat Apr 24 18:16:35 2010
Mime-Version: 1.0 (Apple Message framework v1078)
From: Ken Raeburn <raeburn@mit.edu>
In-Reply-To: <4BCFF902.1030900@gmail.com>
Date: Sat, 24 Apr 2010 18:16:30 -0400
Message-Id: <13AB3767-CB92-4A82-AE58-1B203B45A1FD@mit.edu>
To: Blaz Primc <expertmeant@gmail.com>
Cc: "krbdev@MIT.EDU Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="windows-1252"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Apr 22, 2010, at 03:21, Blaz Primc wrote:
> Yes, by brute force.
>
> And by an attacker, I mean the legitimate user that requested the ticket
> from KDC.
>
> Best regards, Blaž
>
> On 21/04/10 23:09, Greg Hudson wrote:
>> On Sat, 2010-04-17 at 14:36 -0400, Blaz Primc wrote:
>>> Couldn't an attacker do a known-plain-text attack on the second part of
>>> the message, because he knows what the "random key" is and by doing that
>>> acquire the service's long term key...?
>>
>> By "known-plain-text attack" you mean a brute-force key search?
With most reasonable symmetric cryptosystems in use today (i.e., not DES, which MIT is finally phasing out support for), you'd probably be talking about millennia or longer of work, even with lots of computing power available, unless some huge breakthrough is made in cracking one of the encryption algorithms. At least, that's if the random key generation is any good; this is the weak point in some crypto products, though I don't recall hearing of it affecting any modern Kerberos implementations.
Ken
--
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev