On Mon, 30 Aug 1999, David Jablon wrote:
> At 07:02 PM 8/28/99 -0400, Theodore Y. Ts'o wrote:
> > From: Marc Horowitz <[EMAIL PROTECTED]>
> > There are modifications to the kerberos protocol (EKE, SPEKE, and
> > variants) which make offline brute-forcing impractical for a passive
> > attacker. [...]
> >
> >And of course you can partionally protect against dictionary attacks by
> >simply adding a password quality checker to the kadmin daemon so that
> >lousy passwords can't be used in the first place.
>
> Not true. Just by blocking the first million or so "lousy" passwords, you
> still
> don't block the next million
> not-quite-as-"lousy"-but-still-not-cryptographically-strong
> passwords, and so on. And while you play this loser's game, you make it
> harder for many people to remember their passwords.
- There's no such thing as a "cryptographically" strong password.
Cryptography is the science of using an existing secret.
Whether a secret is hard or easy to guess involves icky human
factors.
>
> I see no good reason to endorse any protocol that unnecessarily permits
> cracking of ANY passwords.
>
> >And before someone points out the recent SRP paper, let me put in a
> >premptive response. That paper neglects to mention that the university
> >the author attacked only recently put in a password quality checker, and
> >nearly all the passwords he grabbed were ones which predated the
> >password quality checker. In fact, most of the captured passwords would
> >have been rejected by the passowrd quality checker if it had been in use
> >when the users' passwords were changed. I talked to the the I/T
> >administrators at that university, and they were were livid about how
> >the results were presented, because they were clearly misrepresented.
>
> This is ridiculous. Tom presented results that were from a "real world"
> setting,
> as suggested by the title "A Real World Analysis of Kerberos Password
> Security".
> (www.Integritysciences.com/links.html#Wu99). Your statement that "those
> passwords would not have been captured if they weren't used" is irrelevant.
> Some of them would have been cracked. And noone can say how well the
> cracker would have performed against the changed passwords.
>
> No, it was not an "ideal" world, with perfect password checkers, and
> perfect users.
> Then again, maybe Tom did focus too exclusively on how strong protocols
> solve the
> problem, and maybe he ignored the marginal value of password quality checkers.
>
> But I also wonder if your unnamed I/T admins may have been "livid" in part
> because of the embarrassment of the situation, or because Kerberos was
> so dear to their hearts and yet was so easily cracked.
>
- As one of the sysadmins involved, I can tell you that Mr. Wu's
"paper" was no suprise to anybody. We were livid because of Mr. Wu's
questionable ethics.
> >IMHO, that paper was more a white paper whose main goal was marketing
> >author's patented technology; I was surprised the program committee
> >allowed it to be published.
>
> IMHO? Get off it Ted. There's nothing particularly H about your O. You
> just hate patents.
> Yet still I'm glad that there's no "program committee" reviewing the
> Internet, so we
> can have these friendly discussions. :-)
>
> -- David
>
> ---------------------------------------------------
> David P. Jablon [EMAIL PROTECTED]
> President +1 508 898 9024
> Integrity Sciences, Inc. www.IntegritySciences.com
>
