Offline password attacks on AS-REQ

[Jeffrey Altman]

brian.joh at comcast.net wrote:
>> If I remember correctly, the advice given back then was:
>> - use hardware authentication
>> - use SRP (a patent discussion followed)
>> - implement a strong password policy
> 
> 
> We have thousands of users to manage, so we're looking for
> a solution which is pretty much transparent to the existing
> Linux user base.  We'd prefer not to change our password
> policy, and we definitely can't distribute hardware to each
> user.
> 
> My knowledge of SRP is very limited, but it seems like it's
> another separate authentication protocol.  How were they
> going to "use it"?  Were they going to integrate certain
> features of SRP?  I don't understand.
> 
> Thanks!

In order to remove the ability to perform an offline attack
you must either use a pre-authentication mechanism that is not
based on using a fixed key derived from the user's password
or you must tunnel the AS-REQ within a secure channel that
protected by some non-Kerberos based authentication.

The suggestions to use hardware authentication and SRP as
pre-authentication mechanisms avoid the use of a fixed key
derived from the password.

The suggestion to use a strong password policy is to ensure
that the time it takes to perform an offline brute force
attack is sufficiently longer than the lifetime of passwords
in your organization.

There have been other proposals made within the IETF Kerberos
Working Group.  Unfortunately, due to existing patents and
the deployment strategies of some vendors we have not been
able to reach consensus on a single approach that would be
interoperable for all.

Jeffrey Altman


-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu