MD5 passwords possible with Kerberos?

2002-02-09 Thread Sandeep
Hi all, I am kinda new to Kerberos, but I have read that one of the biggest drawbacks of Kerberos is that the passwords need to be stored cleartext on the master server, a BIG security risk.. Just like Unix passwords are never stored cleartext, but always hashed, why not do the same thing with K

Re: MD5 passwords possible with Kerberos?

2002-02-09 Thread Christopher Burke
[EMAIL PROTECTED] (Sandeep) wrote in news:b04cb7e1.0202090859.3d9370b3 @posting.google.com: > I am kinda new to Kerberos, but I have read that one of the biggest > drawbacks of Kerberos is that the passwords need to be stored > cleartext on the master server, a BIG security risk.. > I don't thi

Re: MD5 passwords possible with Kerberos?

2002-02-09 Thread Marcus Watts
[EMAIL PROTECTED] (Sandeep) writes: > Hi all, > > I am kinda new to Kerberos, but I have read that one of the biggest > drawbacks of Kerberos is that the passwords need to be stored > cleartext on the master server, a BIG security risk.. > > Just like Unix passwords are never stored cleartext, b

Re: MD5 passwords possible with Kerberos?

2002-02-10 Thread Ken Hornstein
>(6) Salts have some interesting properties. In Unix, the salt is generally > regarded as a "secret", which can be securely communicated to > the login application. In Kerberos, the salt is public > information. Worse yet, the client doesn't generally have any > good wa

Re: MD5 passwords possible with Kerberos?

2002-02-12 Thread Paul Johnson
Sandeep wrote: > Just like Unix passwords are never stored cleartext, but always > hashed, why not do the same thing with Kerberos? Because Kerberos does not actually do password authentication. It sets up a secure link between the two principals. Suppose Alice and Bob want to communicate. T

Re: MD5 passwords possible with Kerberos?

2002-02-18 Thread Ian Downard
On Sat, 9 Feb 2002, Marcus Watts wrote: > Here is an incomplete list of weaknesses that you might find more useful > to consider: > (1) Most production kerberos realms still use regular DES and no preauth. > This means they should not be used to protect any secret > worth more than $

Re: MD5 passwords possible with Kerberos?

2002-02-18 Thread Marc Horowitz
[EMAIL PROTECTED] (Ian Downard) writes: >> Here's a quote from Tom Wu's paper >> (http://theory.stanford.edu/~tjw/krbpass.html): >> >> "While this is an improvement relative to Kerberos V4, an attacker >> with a network sniffer can still carry out the same off-line >> dictionary attack against