Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!dali.cs.montana.edu!caen!sdd.hp.com!elroy.jpl.nasa.gov!ncar!gatech!usenet.ins.cwru.edu!agate!stanford.edu!ATHENA.MIT.EDU!marc
From: marc@ATHENA.MIT.EDU (Marc Horowitz)
Newsgroups: comp.protocols.kerberos
Subject: Re: Verifying passwords without getting new tickets
Message-ID: <9105180827.AA13470@steve-dallas.MIT.EDU>
Date: 18 May 91 08:27:06 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Reply-To: Marc Horowitz <marc@MIT.EDU>
Organization: Internet-USENET Gateway at Stanford University
Lines: 18

>> The password is an integral part of the Kerberos authentication protocol.
>> It is used to decrypt the packet with the TGT returned by the Kerberos
>> server.  The protocol is set up to remove the need to send the password over
>> the wire.  Not even an encrypted password goes over the wire.  Rather, a
>> complete encrypted message is sent.  This removes the threat of dictionary
>> attacks against the password itself.

It is true that the password is never sent over the wire.  However,
this does not prevent dictionary attacks.  I can request from your
kerberos server a TGT for you, and then attack it in the privacy of my
own host in whatever way I want.  Once I can decrypt your TGT, I
effectively have your password, except I can't use kinit, since
stringtokey is irreversible.  And in this whole process, only one TGT
request will be logged.  There have been discussions on this list
about how to prevent this type of attack, but I don't know what was
adopted for krb5, if anything.

		Marc