I'm sure at least the developers have read Thomas Wu's paper[1] titled "A Real-World Analysis of Kerberos Password Security". Weak user passwords are not a new problem.
Basically, he says that a dictionary attack can be quite effective, and cracked over 2,000 passwords in two weeks on a 25k user kerberos realm (and over 50% were 8 characters in length). Using pre-auth with timestamp doesn't make thing look much better, one can still sniff the network and make the same attack. So, the question I'm about to make is this: how can this be better than NIS, for example? :) I can grab password hashes from NIS (either via ypcat or sniffing the network) and run a dictionary attack on them, the same thing I can do with kerberos it seems. What am I missing? It also doesn't seem to matter if I use DES or 3DES, as dictionary attacks are far easier than DES. Has somebody implemented SRP as suggested in the paper? [1]http://www.isoc.og/ndss99/procedings/papers/wu.pdf
