Kerberos insecure
Christoph Riesenberger
riesi.news at gmx.at
Fri Dec 5 05:12:50 EST 2003
"Tom Yu" <tlyu at mit.edu> wrote...
> Kerberos doesn't use symmetric-key Needham-Schroeder directly; it has
> been modified to use timestamps to avoid a freshness problem found by
> Burrows et al. in the BAN logic paper. Also, Lowe's attack was on
> public-key Needham-Schroeder, if I recall correctly.
Thanks, Tom. This means Lowe's attack doesn't touch Kerberos!?
2 other questions:
Kerberos uses symmetric keys. How can it guarantee that a message/ticket
was not altered (integrity)?
How does logout work?
I really looked around but found no answers.
Chris