Kerberos insecure
Tom Yu
tlyu at MIT.EDU
Thu Dec 4 15:06:42 EST 2003
>>>>> "Christoph" == Christoph Riesenberger <riesi.news at gmx.at> writes:
Christoph> Kerberos, I think, uses the Needham Schroeder protocol for
Christoph> key exchange. In 1995, Gavin Lowe found an attack on
Christoph> this protocol. Is Kerberos now insecure, or has this been
Christoph> already patched?
Kerberos doesn't use symmetric-key Needham-Schroeder directly; it has
been modified to use timestamps to avoid a freshness problem found by
Burrows et al. in the BAN logic paper. Also, Lowe's attack was on
public-key Needham-Schroeder, if I recall correctly.
---Tom
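
The freshness point in the reply above, as an added sketch that is not part of the original message and is not Kerberos code: a service that accepts any validly sealed ticket cannot tell an old ticket from a new one, while a service that checks an issue time inside the ticket can. The ticket layout, the function names, the HMAC stand-in for encryption and the 300-second window are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_AGE = 300  # seconds; assumed acceptance window for this sketch


def seal(key: bytes, fields: dict) -> bytes:
    """Stand-in for encrypting a ticket under the service's long-term key.
    Only an HMAC tag is attached here (integrity, no confidentiality)."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def unseal(key: bytes, ticket: bytes) -> dict:
    """Verify the tag and return the ticket fields, or raise ValueError."""
    tag, body = ticket.split(b".", 1)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket was not sealed with the service key")
    return json.loads(body)


def accept_without_timestamp(key: bytes, ticket: bytes, now: int) -> bool:
    """No freshness information in the ticket: 'now' cannot be used, so a
    valid ticket is accepted no matter how long ago it was issued."""
    unseal(key, ticket)
    return True


def accept_with_timestamp(key: bytes, ticket: bytes, now: int) -> bool:
    """The ticket carries its issue time; stale tickets are refused."""
    fields = unseal(key, ticket)
    return abs(now - fields["issued"]) <= MAX_AGE


def demo() -> dict:
    key = b"constructed-service-long-term-key"  # constructed sample value
    issued = 1_000_000                          # constructed sample time
    ticket = seal(key, {"client": "alice", "issued": issued,
                        "session_key": "constructed-session-key"})
    month_later = issued + 30 * 24 * 3600       # same ticket, presented again
    return {
        "no_timestamp_fresh": accept_without_timestamp(key, ticket, issued + 5),
        "no_timestamp_old": accept_without_timestamp(key, ticket, month_later),
        "timestamp_fresh": accept_with_timestamp(key, ticket, issued + 5),
        "timestamp_old": accept_with_timestamp(key, ticket, month_later),
    }


if __name__ == "__main__":
    print(demo())
```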