[EMAIL PROTECTED] wrote:

On Tue, Nov 09, 2004 at 02:25:22PM +1100, James Gregory wrote:


On Tue, Nov 09, 2004 at 03:31:50PM +1100, Toliman wrote:


and it is 'relatively' secure, in that it would hopefully take a p4 a few hours to brute force... more likely in minutes.


How long is 'a few hours'? I didn't think things were that dire. Are you
talking about a straight brute force or some kind of known-plaintext
attack or what?



Isn't the kerberos ticket only valid for a few minutes anyway?

So 1 hour, few hours ... doesn't matter at the moment.

Matt

Yeah, that's the big thing. you have a limited period of time to use the token before you have to request another, losing any benefit to the original token.

but if you look at the tools that are used to break in, it isn't a quick process. it usually involves surveillance and/or subversively tapping into less secure systems/users to gain elevated privileges over time. like WEP and other cracking methods, the strategy is to watch the KBC/network segment for traffic, to identify the traffic for extended periods and cryptanalyse the tokens for common data, like the domains used, hosts, passwords, users, vulnerabilities on the infrastructure, things like that.

but it is essentially brute-force. it could take 1 attempt, or 20 million. or more. the central idea is to test the keyspace, the possible combinations of keys to choose from. since DES's key is 56 bits, the space to check is reduced, also using differential cryptanalysis and other methods. the same problem does not exist in 3DES, or AES, the brute force combinations are exponentially more difficult, it would require some very kooky math to weaken AES - reduce the possible combinations for a brute force to reduce the time necessary. hours might be pushing it, sure, and CISC/RISC processors are not that fast at non-specific tasks like DES cracking, so it might be a few hundred hours, split over hundreds of machines.

anyway ... as long as the master password isn't cracked, and a few other major passwords/logins used to wrap the databases and traffic to and from the KDC, the system is very much secure. the token expires after a few minutes, and the number of DES combinations to brute-force is still a high number, in the order of ~2^53 combinations for DES. however, since DES was/is used to wrap/secure a lot of the data travelling around the economic sectors, there is a lot of value in (very ruthless and organised cartels, organisations, 'family businesses') spending some serious money on distributed parallel processing to break DES before tokens expire.

for reference, the EFF proved how feasible it was in 1998, with a self-built FPGA setup, a deadline of 10 days in which to break the challenge, they developed a system to methodically crunch through ~92 billion combinations/day on a limited budget.

"We searched more than 88 billion keys every second, for 56 hours, before we found the right 56-bit key to decrypt the answer to the RSA challenge"
<http://www.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_descracker_pressrel.html>


there's always the human factor too.
<http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis>

Toliman.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html