Andreas Hasenack wrote:
> 
> Em Thu, Jan 31, 2002 at 08:41:40AM -0500, Nicolas Williams escreveu:
> > NIS is public. Kerberos is not. With NIS you just query the NIS servers
> > and you've got the hashes to work with. With Kerberos you must sniff the
> > wire to gather ciphertext for cryptanalysis.
> 
> One of the premises of kerberos was to make sniffing useless. It's not
> useless anymore.
> Also, I can also just query the kerberos server just like NIS if
> preauthentication is not in place.


You just answered your own question. PREAUTHENTICATION

The paper, if I remember correctly, was addressing Kerberos V4. V5 
addresses these problems with preauthentication. Password change protocols
can force password rules too. 
 
> 
> > In the real world today most LANs are switched and corporate WANs tend
> > to be encrypted. This makes it rather difficult to snoop on the wires.
> 
> Not anymore, with tools such as dsniff and arpspoof it's really simple.
> They even have autoconf and nice manpages :)
> 
> > Also, Kerberos is extensible with respect to pre-authentication. It is
> 
> This is very nice, and one of the solutions pointed out in the paper.
> 
> > possible, and has been done and discussed plenty, to design and
> > implement pre-auth types that mitigate for weak passwords. You can't say
> > the same for NIS. Some such pre-auth types involve one-time passwords,
> > others involve smartcards, others involve mixing users' keys with their
> > client hosts' keys for pre-auth, yet other pre-auth types involve SRP,
> > Diffie-Hellman exchanges, etc...
> 
> Of course NIS doesn't support this and never will. The comparison doesn't go
> that far. But the preauth most of us have right now is with timestamps,
> I guess. Which can be attacked in the same way, it's a known structure
> inside the packet and encrypted with the user's password.

-- 

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
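
The thread turns on whether preauthentication is actually required for each principal. The following is an added example, not part of the original messages: a defender-side audit that lists principals lacking the preauth requirement. It assumes MIT Kerberos `kadmin getprinc` text output; the realm, principal names and sample output are constructed.

```python
# Constructed sample: `kadmin -q "getprinc <name>"` output for several
# principals, concatenated. Assumes MIT Kerberos field names.
SAMPLE = """\
Principal: alice@EXAMPLE.ORG
Expiration date: [never]
Attributes: REQUIRES_PRE_AUTH
Policy: [none]

Principal: bob@EXAMPLE.ORG
Expiration date: [never]
Attributes:
Policy: [none]

Principal: host/web1.example.org@EXAMPLE.ORG
Attributes: DISALLOW_FORWARDABLE REQUIRES_PRE_AUTH
Policy: [none]

Principal: carol@EXAMPLE.ORG
Attributes: DISALLOW_POSTDATED
Policy: default
"""


def principals_without_preauth(text):
    """Return principals whose attributes do not include REQUIRES_PRE_AUTH.

    A record with no Attributes line at all is also reported (fail closed).
    """
    records = {}      # principal -> set of attribute flags, in input order
    current = None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or unrecognised line
        key, value = key.strip(), value.strip()
        if key == "Principal":
            current = value
            records[current] = set()
        elif key == "Attributes" and current is not None:
            records[current] = set(value.split())
    return [p for p, attrs in records.items()
            if "REQUIRES_PRE_AUTH" not in attrs]


if __name__ == "__main__":
    for name in principals_without_preauth(SAMPLE):
        # In MIT kadmin the flag is set with: modprinc +requires_preauth <name>
        print("preauth not required:", name)
```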
