On 5/26/2017 11:08 AM, Adam Lewenberg wrote:
> I am trying to understand the security benefits of requiring
> pre-authentication.
>
> Consider this scenario: an attacker is trying to learn the password for
> a service account, e.g., the principal used by the ssh service on some
> server. The attacker already has the credentials for a user's account
> (but not, of course, the service account he is attacking). The attacker
> requests a service ticket for the account he is attacking. The attacker
> then uses brute force (offline) to derive the service account's password.
>
> In the context where the attacker *already* has an account, requiring
> pre-authentication does not help mitigate against this sort of attack. In
> other words, pre-authentication helps against attacks from "outsiders"
> but not from existing users.
>
> Is this correct?
>
> Thanks, Adam Lewenberg

Pre-authentication reduces the risk of brute force attacks against user principals by requiring proof that the requester knows the long term secret before issuing a response encrypted by that long term secret.

Pre-authentication plays no role in preventing brute force attacks against encrypted service tickets. Once an authenticated user has obtained a service ticket from the KDC they are free to do with it what they will including attempts at brute-forcing the service's key.

That is why it is so important to cease using weak encryption types for service keys including cross-realm services.

Jeffrey Altman
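
A defensive check for the recommendation in the reply above, as an added example that is not part of the original messages: it scans principal listings for service and cross-realm keys that still use weak encryption types. It assumes `Principal:` and `Key: vno N, <enctype>` lines in the style of MIT kadmin `getprinc` output; the weak-enctype list, the "has an instance component" service heuristic and the sample listing are constructed for illustration.

```python
import re

# Assumption: single-DES, triple-DES and RC4 enctype names are treated as weak.
WEAK_ENCTYPES = {
    "des-cbc-crc", "des-cbc-md4", "des-cbc-md5",
    "des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
    "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5", "arcfour-hmac-exp",
}
PRINC_RE = re.compile(r"^Principal:\s*(\S+)")
# Newer releases prefix deprecated enctypes with "DEPRECATED:"; strip it.
KEY_RE = re.compile(r"^Key:\s*vno\s+(\d+),\s*(?:DEPRECATED:)?([A-Za-z0-9-]+)")

def classify(principal):
    """Heuristic: krbtgt/OTHER@REALM is cross-realm, name/instance is a service."""
    name, _, realm = principal.partition("@")
    parts = name.split("/")
    if parts[0] == "krbtgt" and len(parts) == 2:
        return "tgs" if parts[1] == realm else "cross-realm"
    return "service" if len(parts) > 1 else "user"

def audit(listing):
    """Return (principal, kind, kvno, enctype) for weak non-user keys.

    Every weak key is reported; which key the KDC selects when it
    encrypts a ticket is not modelled here.
    """
    findings, principal = [], None
    for raw in listing.splitlines():
        line = raw.strip()
        m = PRINC_RE.match(line)
        if m:
            principal = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m and principal:
            kvno, enctype = int(m.group(1)), m.group(2).lower()
            kind = classify(principal)
            if kind != "user" and enctype in WEAK_ENCTYPES:
                findings.append((principal, kind, kvno, enctype))
    return findings

# Constructed sample listing (not taken from any real KDC).
SAMPLE = """\
Principal: host/ssh1.example.org@EXAMPLE.ORG
Key: vno 3, aes256-cts-hmac-sha1-96
Key: vno 3, DEPRECATED:arcfour-hmac
Principal: krbtgt/PARTNER.EXAMPLE@EXAMPLE.ORG
Key: vno 1, DEPRECATED:des3-cbc-sha1
Principal: adam@EXAMPLE.ORG
Key: vno 5, DEPRECATED:arcfour-hmac
"""
```
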