At 07:02 PM 8/28/99 -0400, Theodore Y. Ts'o wrote:
> From: Marc Horowitz <[EMAIL PROTECTED]>
> There are modifications to the kerberos protocol (EKE, SPEKE, and
> variants) which make offline brute-forcing impractical for a passive
> attacker. [...]
>
>And of course you can partionally protect against dictionary attacks by
>simply adding a password quality checker to the kadmin daemon so that
>lousy passwords can't be used in the first place.
Not true. Just by blocking the first million or so "lousy" passwords, you
still
don't block the next million
not-quite-as-"lousy"-but-still-not-cryptographically-strong
passwords, and so on. And while you play this loser's game, you make it
harder for many people to remember their passwords.
I see no good reason to endorse any protocol that unnecessarily permits
cracking of ANY passwords.
>And before someone points out the recent SRP paper, let me put in a
>premptive response. That paper neglects to mention that the university
>the author attacked only recently put in a password quality checker, and
>nearly all the passwords he grabbed were ones which predated the
>password quality checker. In fact, most of the captured passwords would
>have been rejected by the passowrd quality checker if it had been in use
>when the users' passwords were changed. I talked to the the I/T
>administrators at that university, and they were were livid about how
>the results were presented, because they were clearly misrepresented.
This is ridiculous. Tom presented results that were from a "real world"
setting,
as suggested by the title "A Real World Analysis of Kerberos Password
Security".
(www.Integritysciences.com/links.html#Wu99). Your statement that "those
passwords would not have been captured if they weren't used" is irrelevant.
Some of them would have been cracked. And noone can say how well the
cracker would have performed against the changed passwords.
No, it was not an "ideal" world, with perfect password checkers, and
perfect users.
Then again, maybe Tom did focus too exclusively on how strong protocols
solve the
problem, and maybe he ignored the marginal value of password quality checkers.
But I also wonder if your unnamed I/T admins may have been "livid" in part
because of the embarrassment of the situation, or because Kerberos was
so dear to their hearts and yet was so easily cracked.
>IMHO, that paper was more a white paper whose main goal was marketing
>author's patented technology; I was surprised the program committee
>allowed it to be published.
IMHO? Get off it Ted. There's nothing particularly H about your O. You
just hate patents.
Yet still I'm glad that there's no "program committee" reviewing the
Internet, so we
can have these friendly discussions. :-)
-- David
---------------------------------------------------
David P. Jablon [EMAIL PROTECTED]
President +1 508 898 9024
Integrity Sciences, Inc. www.IntegritySciences.com
