Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!iuvax!cica!tut.cis.ohio-state.edu!pt.cs.cmu.edu!andrew.cmu.edu!jb7m+
From: jb7m+@andrew.cmu.edu (Jon C. R. Bennett)
Newsgroups: comp.protocols.kerberos
Subject: Re: Dictionary attacks
Message-ID:
Date: 15 Jun 90 22:08:57 GMT
References: , <1990Jun15.164640.5090@terminator.cc.umich.edu>
Organization: Carnegie Institute of Technology, Carnegie Mellon, Pittsburgh, PA
Lines: 23
In-Reply-To: <1990Jun15.164640.5090@terminator.cc.umich.edu>

> In article Ted_Anderson@TRANSARC.COM writes:
>
> I believe that the confounder was introduced to (surprisingly) confound
> this attack. The confounder is a random number at the beginning of the
> encrypted packet, thus removing the possibility for the attack above.
>
> wes

you better make sure that the (pseudo)random number generator you are
using is REALLY good, if not, all you are doing is effectively giving the
attacker more cleartext to play with!

in general having the server send the ticket back encrypted in the user's
key in response to any request is bad simply because it gives away
information which can be used in an attack, forcing the client to send the
request encrypted in the user's key (where the request can be time stamped
to prevent reuse by someone with access to the subnet and have a random
number appended to the front to hinder stream encrypted DES attacks)
prevents the release of more information than necessary.

jon
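The warning above about the confounder's random number generator, as an added example that is not part of the original post: a confounder taken from a clock-seeded general-purpose PRNG can be regenerated by anyone who knows roughly when the packet was sent, so it behaves as known plaintext, while one drawn from the operating system's CSPRNG cannot. The function names, the 8-byte confounder size, the 300-second window and the clock-seeded generator standing in for a weak one are assumptions made for this sketch.

```python
import random
import secrets

CONFOUNDER_LEN = 8  # one DES block; size assumed for this sketch


def weak_confounder(now: int) -> bytes:
    """Anti-pattern: general-purpose PRNG seeded with the clock."""
    bits = random.Random(now).getrandbits(8 * CONFOUNDER_LEN)
    return bits.to_bytes(CONFOUNDER_LEN, "big")


def strong_confounder() -> bytes:
    """Confounder drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(CONFOUNDER_LEN)


def reproducible_from_clock(confounder: bytes, seen_at: int, skew: int = 300) -> bool:
    """True if some clock value within +/- skew seconds regenerates the
    confounder, i.e. the 'random' block is effectively known plaintext."""
    return any(
        weak_confounder(t) == confounder
        for t in range(seen_at - skew, seen_at + skew + 1)
    )


def audit(samples):
    """Map each labelled sample (name, confounder, time seen) to its verdict."""
    return {name: reproducible_from_clock(c, seen) for name, c, seen in samples}


# Constructed sample data: two confounders observed at the same (constructed) time.
SEEN = 645487737
SAMPLES = [
    ("clock-seeded", weak_confounder(SEEN - 42), SEEN),
    ("os-csprng", strong_confounder(), SEEN),
]

if __name__ == "__main__":
    for name, guessable in audit(SAMPLES).items():
        print(f"{name}: {'predictable' if guessable else 'not reproduced'}")
```
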