Path: utzoo!utgpu!watserv1!watmath!att!rutgers!usc!zaphod.mps.ohio-state.edu!math.lsa.umich.edu!math.lsa.umich.edu!emv
From: @ulysses.att.com:mischu@allegra.att.com
Newsgroups: comp.archives
Subject: [comp.protocols.kerberos] Paper: Limitations of the Kerberos Authentication System
Message-ID: <1990Jul13.223413.7211@math.lsa.umich.edu>
Date: 13 Jul 90 22:34:13 GMT
Sender: emv@math.lsa.umich.edu (Edward Vielmetti)
Reply-To: smb@ulysses.att.com, mischu@allegra.att.com
Followup-To: comp.protocols.kerberos
Organization: University of Michigan, Department of Mathematics
Lines: 27
Approved: emv@math.lsa.umich.edu (Edward Vielmetti)
X-Original-Newsgroups: comp.protocols.kerberos

Archive-name: kerberos-limits/13-Jul-90
Original-posting-by: @ulysses.att.com:mischu@allegra.att.com
Original-subject: Paper: Limitations of the Kerberos Authentication System
Archive-site: inet.att.com [192.20.225.2]
Archive-directory: /dist
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

Michael Merritt and I have a paper on the limitations of Kerberos, which has been submitted to Computer Communications Review. A draft, in Postscript, is available for anonymous ftp from inet.att.com (192.20.225.2) in ~ftp/dist/kerblimit.ps.

--Steve Bellovin
smb@ulysses.att.com

Abstract:

The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.