On Thu, Jan 31, 2002 at 10:03:34AM -0200, Andreas Hasenack wrote: > So, the question I'm about to make is this: how can this be better > than NIS, for example? :) > > I can grab password hashes from NIS (either via ypcat or sniffing > the network) and run a dictionary attack on them, the same thing > I can do with kerberos it seems. What am I missing?
NIS is public. Kerberos is not. With NIS you just query the NIS servers and you've got the hashes to work with. With Kerberos you must sniff the wire to gather ciphertext for cryptanalysis. In the real world today most LANs are switched and corporate WANs tend to be encrypted. This makes it rather difficult to snoop on the wires. (In the Internet, as opposed to the intranet, WANs are not often encrypted though.) So in the real world an attacker has to be more active to perform dictionary attacks on Kerberos than on NIS. Also, Kerberos is extensible with respect to pre-authentication. It is possible, and has been done and discussed plenty, to design and implement pre-auth types that mitigate for weak passwords. You can't say the same for NIS. Some such pre-auth types involve one-time passwords, others involve smartcards, others involve mixing users' keys with their client hosts' keys for pre-auth, yet other pre-auth types involve SRP, Diffie-Hellman exchanges, etc... > It also doesn't seem to matter if I use DES or 3DES, as dictionary > attacks are far easier than DES. It does matter which enctype you use as slower enctypes slow down the attacker. > Has somebody implemented SRP as suggested in the paper? I don't know, but it certainly has been discussed. But it would be good if someone did as SRP cannot be attacked passively AFAIU, short of a cryptanalytic breakthrough. But SRP does not stop dictionary attacks altogether as an attacker can still mount an active dictionary attack. > [1]http://www.isoc.og/ndss99/procedings/papers/wu.pdf Cheers, Nico -- -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
