>(6) Salts have some interesting properties. In Unix, the salt is generally > regarded as a "secret", which can be securely commmunicated to > the login application. In Kerberos, the salt is public > information. Worse yet, the client doesn't generally have any > good way to securely acquire the salt, which means an active > attacker can supply bogus salt. This means the active attacker > can very likely dramatically simplify a dictionary attack by > forcing clients to use one chosen salt.
I think I'm missing some piece of the puzzle here. The default V5 salt is the complete principal name ... which a client already knows. But even if you manage to spoof the AS_REP and fool the client into using another salt ... he's just decrypting data on his end. How does that help you? (And won't KRB-ERROR checksums prevent this attack as well?) --Ken _______________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
