Attack on krb-priv and krb-safe messages

Danny Kruitbosch danny at
Sat Jun 1 11:11:27 EDT 2002


I've got 2 questions:

1. If a passive attacker has successfully obtained a user's password,
how would the attacker be able to read the encrypted messages between the
client and server (KRB-PRIV messages)? How would he decrypt them? What
steps should he follow? Can such a thing be prevented?

2. How would an active attacker who has successfully obtained a user's
password insert messages of its liking in the communication between
client and server (KRB-SAFE messages)?

Any input on this would be great!


