On Thu, Jan 31, 2002 at 11:45:00AM -0500, Nicolas Williams wrote: > Use pre-auth and shut up.
Testy today, Nico? :-) > (a dictionary attack on an > encrypted timestamp is a brute force attack with known plaintext and > known ciphertext) No. Dictionary attacks and brute force attacks are very different things. The keyspaces are quite different. We worry about dictionary attacks. We don't worry so much (yet) about brute force attacks. > The question is how difficult is it to cryptanalyze > Kerberos, and the answer is that pa-enc-timestamp is not terribly > strong, Primarily because the encryption key is derived from a user-selected password. > If an attacker > can snoop then only good key management can protect you against the > attacker's cryptanalysis tools. Uh, no. Better cryptographic protocols can protect you. > Password aging and password quality checks are part of good key > management. Ok? What you don't seem to understand is that ``We have the technology.'' Using a better preauthentication method, whether it be EKE or SRP or PDM or what have you, can make it so that offline (offline!!) dictionary attacks are not possible _even in the face of poorly chosen passwords_. And users will always choose poor passwords, even with so-called `password quality' checks. Lazy users are good at finding minima. Brute force attacks and online dictionary attacks are always possible, but far less worrisome. Believe it or not (one couldn't tell from this thread ;-) I'm busy today, so I think this will be my last post on the subject for now. Cheers, -- Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos [EMAIL PROTECTED] . [EMAIL PROTECTED] . [EMAIL PROTECTED]
