On Dec 5, 2003, at 5:12 AM, Christoph Riesenberger wrote:

> "Tom Yu" <[EMAIL PROTECTED]> wrote...
>
>> Kerberos doesn't use symmetric-key Needham-Schroeder directly; it has been modified to use timestamps to avoid a freshness problem found by Burrows et al. in the BAN logic paper. Also, Lowe's attack was on public-key Needham-Schroeder, if I recall correctly.
>
> Thanks, Tom. This means Lowe's attack doesn't touch Kerberos!?
>
> 2 other questions:
>
> Kerberos uses symmetric keys. How can it guarantee that a message/ticket was not altered (integrity)?

Kerberos functions under a trusted third-party model. Every service has a long-term key associated with its principal in the Kerberos database. Therefore, to ensure a ticket's integrity, the KDC encrypts the ticket contents with the long-term key associated with the service principal the ticket is issued for. The only two parties that know this key are the service and the KDC. Once the user sends this ticket (along with an authenticator to thwart replay attacks) to the service, the service can decrypt and read the contents of the ticket with its long-term key.

> How does logout work?

In Kerberos, there is no such thing as 'logging out' - some Kerberos implementations will automatically destroy your credential cache when you log out of your local workstation. Others require a user to manually destroy their credential cache. Either way, tickets are only valid for a pre-determined period of time anyway, so a ticket that's already expired is of little use to an attacker. A ticket that is still valid may still be subject to IP address restrictions (although MS AD and other popular implementations request addressless tickets by default).
Shameless plug: you can find more information on Kerberos security topics in my O'Reilly book "Kerberos: the Definitive Guide".
Hope this helps.
-- jason
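A simulation of the ticket and authenticator flow discussed in this thread, added here as an illustration and not code from the thread or from any Kerberos implementation: the KDC seals the ticket under the service's long-term key, the client proves freshness with a timestamped authenticator, and the service rejects a modified, expired, replayed or wrong-address ticket. The principal names, keys, addresses, clock value and the encrypt-then-MAC construction are all constructed stand-ins (the Python stdlib has no AES, so HMAC-SHA256 supplies both keystream and tag); real Kerberos uses the RFC 3961 encryption types instead.

```python
import hashlib, hmac, json, os
def _ks(key, nonce, n):  # keystream: HMAC-SHA256 in counter mode (toy construction, not a Kerberos enctype)
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
def seal(key: bytes, obj: dict) -> bytes:  # encrypt-then-MAC under a symmetric key
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = nonce + bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")  # modified in transit, or sealed under another key
    body = ct[16:]
    return json.loads(bytes(a ^ b for a, b in zip(body, _ks(key, ct[:16], len(body)))))

# Constructed KDC database: each long-term key is known only to the KDC and that principal.
KDC_DB = {"alice@EXAMPLE.COM": os.urandom(32), "host/srv.example.com@EXAMPLE.COM": os.urandom(32)}
REPLAY_CACHE = set()  # authenticators the service has already accepted
def kdc_issue(client, service, now, lifetime=8 * 3600, addr=None):  # KDC side
    sk = os.urandom(32).hex()  # fresh session key for this client/service pair
    ticket = seal(KDC_DB[service], {"client": client, "key": sk, "expires": now + lifetime, "addr": addr})
    return ticket, seal(KDC_DB[client], {"key": sk, "expires": now + lifetime})  # ticket is opaque to the client

def client_authenticator(client, enc_part, now):  # client side: prove possession of the session key, freshly
    sk = bytes.fromhex(unseal(KDC_DB[client], enc_part)["key"])
    return seal(sk, {"client": client, "ctime": now})

def service_accept(service, ticket, auth, now, peer_addr=None, skew=300):  # service side
    try:  # any change to the ticket fails the tag check under the service's long-term key
        t = unseal(KDC_DB[service], ticket)
        a = unseal(bytes.fromhex(t["key"]), auth)
    except ValueError as e:
        return f"reject: {e}"
    if now > t["expires"]: return "reject: ticket expired"
    if t["addr"] is not None and t["addr"] != peer_addr: return "reject: address mismatch"
    if a["client"] != t["client"] or abs(now - a["ctime"]) > skew: return "reject: stale authenticator"
    if auth in REPLAY_CACHE: return "reject: replayed authenticator"
    REPLAY_CACHE.add(auth)
    return "accept " + t["client"]
def demo(now=1_070_600_000):  # constructed clock value and addresses
    c, s = "alice@EXAMPLE.COM", "host/srv.example.com@EXAMPLE.COM"
    ticket, enc_part = kdc_issue(c, s, now, addr="10.0.0.5")
    auth = client_authenticator(c, enc_part, now)
    flipped = ticket[:24] + bytes([ticket[24] ^ 0x01]) + ticket[25:]  # one bit changed in transit
    later = now + 9 * 3600  # past the 8-hour lifetime
    return {"first": service_accept(s, ticket, auth, now, "10.0.0.5"),
            "replay": service_accept(s, ticket, auth, now + 5, "10.0.0.5"),
            "tampered": service_accept(s, flipped, auth, now, "10.0.0.5"),
            "other_addr": service_accept(s, ticket, client_authenticator(c, enc_part, now), now, "10.0.0.9"),
            "expired": service_accept(s, ticket, client_authenticator(c, enc_part, later), later, "10.0.0.5")}
```

Note that the client can forward the ticket but cannot read or alter it, and that the service needs only its own key plus a clock and a replay cache to make every one of these decisions.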
Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
