Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!caen!uwm.edu!bionet!agate!riacs!stanford.edu!B.GP.CS.CMU.EDU!mdl From: mdl@B.GP.CS.CMU.EDU (Mark Lillibridge) Newsgroups: comp.protocols.kerberos Subject: Verifying passwords without getting new tickets Message-ID: <9105202128.AA19667@ATHENA.MIT.EDU> Date: 20 May 91 21:28:05 GMT References: <9105202054.aa04144@nss1.simpact.COM> Sender: news@shelby.stanford.edu (USENET News System) Organization: Internet-USENET Gateway at Stanford University Lines: 40 > From: Chris Riddick > > There is a way to render the dictionary attack ineffective. That is the use > of one-time passwords. With a onetime password, even a TGT that was stolen > simply by eavesdropping during login would not be useful. The password that > was extracted via the dictionary attack (other other cryptanalysis) was only > good for that login (i.e., TGT). The next time the user logs in, a > different password will be required. No. "One-time passwords" (this is really the wrong term for this, but I know what you mean from the previous time you explained yourself), do NOT by themselves render the dictionary attack ineffective. If the user chooses his/her own master password, the fact that one-time passwords are generated from it will not make the attack impossible. [The details of how to alter the attack to deal with this are left to the reader.] However, forcing the user to use a randomly generated password will render the dictionary attack useless. Granted, this is particularly easy to do when the user already has to carry a one-time password generator device around with him/her. > From: "Jon A. Rochlis" > > All you need to do is eavesdrop on X logging in once. > >That is *much* harder than simply asking for a ticket in somebody >else's name and therefore even though it's only a partial solution, it >add significant value. Security is a world of tradeoffs. > > -- Jon Jon's point above is important, however. Just because you can't protect against the attack, doesn't mean you can't make it harder. I don't remember off hand if krb5 actually prevents you from doing a dictionary attack without eavesdropping or setting off alarms. - Mark Lillibridge