On Thu, Jan 31, 2002 at 10:03:34AM -0200, Andreas Hasenack wrote:
> I'm sure at least the developers have read Thomas Wu's paper[1]
> titled "A Real-World Analysis of Kerberos Password Security".
> Weak user passwords are not a new problem.
>
> Basically, he says that a dictionary attack can be quite effective,
> and cracked over 2,000 passwords in two weeks on a 25k user kerberos
> realm (and over 50% were 8 characters in length). Using pre-auth
> with timestamp doesn't make thing look much better, one can still
> sniff the network and make the same attack.
According to the folks at Stanford, they were kinda miffed about his
paper, in that he made some statements that could be considered
intellectually dishonest. Yes, he did crack over 2,000 passwords in
two weeks, and yes, this was with a password quality checker on the
adminserver in place. But what he failed to disclose was that the
password quality check had only recently been installed, and most of
the passwords which he caught would have been rejected by the password
quality checker.
So would he have gotten such an impressive results if he had done the
test only on passwords that had been vetted by the password quality
checker; that's very unclear.
At the time, the author did not disclose that the technique he was
pushing was patented, and although (he and Stanford) later made some
limited modes of SRP freely available under a patent license, that
wasn't the case at the time, and so at least some people questioned
whether his paper was simply a white paper trying to sell a technique
that he was trying to make money on.
It should be noted that since then, although Thomas Wu and Stanford
have made it available (thus neutralizing the previous concern), there
are other potential patent complications with using SRP, including the
Lucent EKE patent, and possibly the SPEKE patent as well. (The SPEKE
patent has incredibly broad claims, and while a patent attorney might
be able to argue that they are overly broad, trying to litigate any
kind of patent claim once the patent is issued is incredibly
expensive, even if the patent claims are pretty clearly a complete
abuse of the patent system.)
As a result, I would strongly encourage folks who are interested
in things like SRP to take a page from DVD players like xine, and
define a plug-in architecture so that shared libraries can contain the
SRP (or other password authentication and/or preauthentication) code.
That way, the base distribution of the software can be distributed
without any worries about patent entangelments, and software
components can be distributed in the parts of the free world where
software/algorithm patents aren't an issue. Individual users can then
decide on their own whether or not they feel comfortable grabbing the
plug-in module (or not) depending on what their read on the legal
situation is, and whether or not they believe they are judgement
proof. Aren't software patents fun?
- Ted
