Offline password attacks on AS-REQ
Andreas Hasenack
ahasenack at terra.com.br
Wed Jun 15 16:11:40 EDT 2005
On Wed, Jun 15, 2005 at 02:04:19PM +0000, brian.joh at comcast.net wrote:
> AS-REQ. I saw some discussion about this from a few years ago in the
> archives, but nothing recently. Is there a solution to this issue
> yet? If not, what progress has been made, and what direction is being
If I remember correctly, the advice given back then was:
- use hardware authentication
- use SRP (a patent discussion followed)
- implement a strong password policy
More information about the Kerberos
mailing list