Hi, I've got 2 questions:
1. If a passive attacker who has successfully obtained a user's password, how would the attacker be able to read the encrypted messages between the client and server (KRB-PRIV messages). How would he decrypt them? What steps should he follow? Can such a thing be prevented? 2. How would a active attacker who has succesfully obtained a user's password insert messages of it's liking in the communication between client and server (KRB-SAFE messages)? Any input on this would be great! Regards, Danny ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
