From: Marc Horowitz <[EMAIL PROTECTED]>
Date: 28 Aug 1999 18:27:07 -0400
>> But I think kerberos is far from ideal here; I suspect you can mount a
>> dictionary attack [1] after recording some communication between you
>> and the kerberos server (correct me if this is utterly wrong).
There are modifications to the kerberos protocol (EKE, SPEKE, and
variants) which make offline brute-forcing impractical for a passive
attacker. I've never seen a widely deployed implementation,
presumably due to patent issues.
And of course you can partionally protect against dictionary attacks by
simply adding a password quality checker to the kadmin daemon so that
lousy passwords can't be used in the first place.
And before someone points out the recent SRP paper, let me put in a
premptive response. That paper neglects to mention that the university
the author attacked only recently put in a password quality checker, and
nearly all the passwords he grabbed were ones which predated the
password quality checker. In fact, most of the captured passwords would
have been rejected by the passowrd quality checker if it had been in use
when the users' passwords were changed. I talked to the the I/T
administrators at that university, and they were were livid about how
the results were presented, because they were clearly misrepresented.
IMHO, that paper was more a white paper whose main goal was marketing
author's patented technology; I was surprised the program committee
allowed it to be published.
- Ted
