Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!agate!stanford.edu!SIMPACT.COM!cjr
From: cjr@SIMPACT.COM (Chris Riddick)
Newsgroups: comp.protocols.kerberos
Subject: Verifying passwords without getting new tickets
Message-ID: <9105202054.aa04144@nss1.simpact.COM>
Date: 20 May 91 20:54:38 GMT
Article-I.D.: nss1.9105202054.aa04144
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 15

There is a way to render the dictionary attack ineffective.  That is the use
of one-time passwords.  With a onetime password, even a TGT that was stolen
simply by eavesdropping during login would not be useful.  The password that
was extracted via the dictionary attack (other other cryptanalysis) was only
good for that login (i.e., TGT).  The next time the user logs in, a 
different password will be required.

Granted, Mark was right in saying that the Kerberos protocol would have to
be altered.  However, only the TGT protocol would be modified.  All service
ticket requests would continue to be done as they are now.

By the way, in V5, the confounder was created to make cryptanalysis more
difficult by adding random padding to the front of the protocol packet.

Chris Riddick