MD5 passwords possible with Kerberos?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Feb 11 01:00:27 EST 2002
>(6) Salts have some interesting properties. In Unix, the salt is generally
> regarded as a "secret", which can be securely commmunicated to
> the login application. In Kerberos, the salt is public
> information. Worse yet, the client doesn't generally have any
> good way to securely acquire the salt, which means an active
> attacker can supply bogus salt. This means the active attacker
> can very likely dramatically simplify a dictionary attack by
> forcing clients to use one chosen salt.
I think I'm missing some piece of the puzzle here. The default V5 salt
is the complete principal name ... which a client already knows. But even
if you manage to spoof the AS_REP and fool the client into using another
salt ... he's just decrypting data on his end. How does that help you?
(And won't KRB-ERROR checksums prevent this attack as well?)
--Ken
More information about the Kerberos
mailing list