[39448] in Kerberos

home help back first fref pref prev next nref lref last post

Re: is there a way to detect if user is using same incorrect password

daemon@ATHENA.MIT.EDU (Brent Kimberley via Kerberos)
Fri Aug 9 17:49:04 2024

To: "kerberos@mit.edu" <kerberos@mit.edu>, Jim Shi <hjshi@yahoo.com>
Date: Fri, 9 Aug 2024 21:47:38 +0000
Message-ID: <YT3PR01MB105442848DCB2A1B76D1EB6E6FABA2@YT3PR01MB10544.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <887838909.3164322.1723239377924@mail.yahoo.com>
Content-Language: en-US
MIME-Version: 1.0
From: Brent Kimberley via Kerberos <kerberos@mit.edu>
Reply-To: Brent Kimberley <Brent.Kimberley@Durham.ca>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Re-using the salt might negatively impact the security proof.
https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#section-3.1
________________________________
From: Kerberos <kerberos-bounces@mit.edu> on behalf of Jim Shi via Kerberos <kerberos@mit.edu>
Sent: Friday, August 9, 2024 5:36 PM
To: kerberos@mit.edu <kerberos@mit.edu>
Subject: is there a way to detect if user is using same incorrect password in authentication

Hi, we have a required to detect  if a client is using same incorrect password in in authentication against KDC.
Is it possible the KDC server can determine if client is using same incorrect password?
Thanks
Jim
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos<https://mailman.mit.edu/mailman/listinfo/kerberos>
THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post