On Thu, Jan 31, 2002 at 08:41:40AM -0500, Nicolas Williams wrote:
> NIS is public. Kerberos is not. With NIS you just query the NIS servers
> and you've got the hashes to work with. With Kerberos you must sniff the
> wire to gather ciphertext for cryptanalysis.

One of the premises of Kerberos was to make sniffing useless. It's not useless anymore. Also, I can just query the Kerberos server just like NIS if preauthentication is not in place.

> In the real world today most LANs are switched and corporate WANs tend
> to be encrypted. This makes it rather difficult to snoop on the wires.

Not anymore, with tools such as dsniff and arpspoof it's really simple. They even have autoconf and nice manpages :)

> Also, Kerberos is extensible with respect to pre-authentication. It is

This is very nice, and one of the solutions pointed out in the paper.

> possible, and has been done and discussed plenty, to design and
> implement pre-auth types that mitigate for weak passwords. You can't say
> the same for NIS. Some such pre-auth types involve one-time passwords,
> others involve smartcards, others involve mixing users' keys with their
> client hosts' keys for pre-auth, yet other pre-auth types involve SRP,
> Diffie-Hellman exchanges, etc...

Of course NIS doesn't support this and never will. The comparison doesn't go that far. But the preauth most of us have right now is with timestamps, I guess. Which can be attacked in the same way, it's a known structure inside the packet and encrypted with the user's password.
