On Thu, Jan 31, 2002 at 02:18:11PM -0200, Andreas Hasenack wrote:
> On Thu, Jan 31, 2002 at 09:34:54AM -0500, Nicolas Williams wrote:
> But it's like using a weak lock on our front door and keeping an
> eye on it instead of using a stronger lock and having a good night
> of sleep.

Use pre-auth and shut up.

> > Yes, but you're forcing the attacker to be more active and so you can
> > try to detect her.
>
> "But I switched to kerberos so that, among other things, I wouldn't have
> to worry about sniffers" :)

Secure protocols involve cryptography. Cryptanalysts can use snooped
ciphertext to mount cryptanalytic attacks (a dictionary attack on an
encrypted timestamp is a brute force attack with known plaintext and
known ciphertext). So ALL(*) cryptographic protocols are open to
cryptanalysis and it's not a surprise that Kerberos is open to
cryptanalysis. The question is how difficult is it to cryptanalyze
Kerberos, and the answer is that pa-enc-timestamp is not terribly
strong, whereas pa-srp would be stronger.

(*) Quantum cryptographic protocols are another story. Let's not go there.

You can't detect passive attacks, though you can make it difficult for
an attacker to get to a situation where they can snoop. If an attacker
can snoop then only good key management can protect you against the
attacker's cryptanalysis tools. Password aging and password quality
checks are part of good key management.

Ok?

> > And it's possible because Kerberos was designed with extensible pre-auth
> > in mind. So there's nothing wrong with Kerberos, see? You can take issue
> > with sites that do not require pre-auth and you can take issue with the
> > good old pa-enc-timestamp, but Kerberos itself is just fine. And you
> > have an upgrade path for new pre-auth types, whereas with NIS the only
> > upgrade is to switch technologies altogether (yes, you can switch to
>
> I now think you really missed my smiley next to the text where I first
> compared NIS and Kerberos. I was just pointing out that even kerberos,
> this new (relatively) thing people are using, with single sign on and
> many other nice features (such as extensibility) has this little thing
> in common with NIS, which so many people hate (me included) and wrongly
> thought was solved, since making sniffers useless was one of the goals
> of the original paper.

*sigh* You're still comparing coconuts to berries.

> > IIRC, Microsoft supports smartcard pre-auth.
>
> I don't have the hardware.

Too bad.

> > Also, you can implement password quality checks at the KDC and you can
> > force password aging as mitigation for snoop+dictionary attacks on weak
> > passwords.
>
> This is the best workaround we can have for now I guess.

It's a pretty good mitigation. Enjoy.

Nico

--
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
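The mitigation the thread settles on is password quality checks and password aging enforced at the KDC, so that a snooped pa-enc-timestamp exchange yields nothing to an offline dictionary run. The Python below is an added illustration of what such a policy looks like; it is not code from this thread or from any Kerberos implementation. The hook shape (a function that receives the candidate password and the principal name), the thresholds, and the tiny wordlist are all assumptions. It goes slightly beyond the thread by undoing common letter-for-symbol substitutions before the wordlist lookup, since a cracker's rules do the same.

```python
"""Password-quality and aging policy of the kind a KDC could enforce.

Added example for this thread; the hook shape, thresholds and wordlist are
assumptions, not any Kerberos implementation's real API or defaults.
"""
import re
from datetime import date, timedelta

# Constructed stand-in for a real wordlist (the same kind a cracker would use).
COMMON_WORDS = {"password", "kerberos", "secret", "welcome", "letmein"}

# Undo common digit/symbol-for-letter substitutions before the wordlist check.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

# Assumed policy values; a site would tune these.
MIN_LENGTH = 12
MIN_CLASSES = 3
MAX_AGE_DAYS = 90


def normalize(password: str) -> str:
    """Lower-case, drop a trailing run of digits/symbols, undo substitutions.

    'P@ssw0rd123' becomes 'password', so the wordlist check catches it.
    """
    core = re.sub(r"[\d\W_]+$", "", password.lower())
    return core.translate(LEET_MAP)


def character_classes(password: str) -> int:
    """Count how many of lower/upper/digit/other appear in the password."""
    patterns = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, password))


def check_quality(password: str, principal: str) -> list:
    """Return the list of policy violations; an empty list means acceptable.

    `principal` is a Kerberos name such as 'alice/admin@EXAMPLE.COM'; only
    its first component is compared against the password.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if character_classes(password) < MIN_CLASSES:
        reasons.append("fewer than %d character classes" % MIN_CLASSES)
    if normalize(password) in COMMON_WORDS:
        reasons.append("dictionary word after undoing common substitutions")
    user = principal.split("@", 1)[0].split("/", 1)[0].lower()
    if user and user in password.lower():
        reasons.append("contains the principal name")
    return reasons


def password_expired(last_change: str, today: str,
                     max_age_days: int = MAX_AGE_DAYS) -> bool:
    """Aging check on ISO dates ('2002-01-31'): True once older than allowed."""
    age = date.fromisoformat(today) - date.fromisoformat(last_change)
    return age > timedelta(days=max_age_days)


if __name__ == "__main__":
    # Constructed sample change requests against a constructed reference date.
    today = "2002-01-31"
    for pw in ("P@ssw0rd123", "Alice2024!xyzQ", "Tr0ub4dor&3-correct-horse"):
        problems = check_quality(pw, "alice@EXAMPLE.COM")
        print("%-28s %s" % (pw, "OK" if not problems else "; ".join(problems)))
    print("password set 2001-10-01, expired on %s: %s"
          % (today, password_expired("2001-10-01", today)))
```

The two checks address the two halves of the mitigation: `check_quality` keeps passwords out of the space a dictionary run covers, and `password_expired` bounds how long a key whose ciphertext has already been snooped stays useful to the attacker.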
