Is "SPN advertisement" or well-known SPNs a security hole?
Srinivas Kakde
srinivas.kakde at yahoo.com
Mon Jan 14 19:00:11 EST 2008
Jeffrey,
Thank you for your response. Now I have more questions:
Jeffrey Altman wrote:
> It would be like walking down the street looking
> for an undercover police officer and instead finding a drug dealer. You
> decide to authenticate the undercover officer by calling the police
> precinct but instead of using a phone number for the precinct that you
> obtained from the Verizon phone book you ask the drug dealer for the
> phone number of the precinct. When you call the provided number, his
> accomplice answers and confirms that he is in fact a police officer.
This example assumes that I don't already have a prior relationship
with the precinct. I do have prior relationship with the precinct.
When the precinct responds to an officer validation request from me they
always conclude their message with a secret phrase that only the
precinct and I know. This way I know if I'm being tricked. Is this not
like Kerberos?
Jeffrey Altman wrote:
> The security of the authentication is based upon the name. By asking
> you to authenticate to a name selected by the attacker, you can be
> tricked into using a KDC that is in fact under the control of the
> attacker.
Are you sure this is right? I think in Kerberos, knowledge of a
shared secret (not knowledge of the principal name) is the foundation
for trust? In the case of an AS-REQ/AS-REP exchange, what would the malicious KDC
use to encrypt the EncKDCRepPart of the KDC-REP such that the decrypted
nonce would match what the client supplied in the KDC-REQ?
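The AS-REQ/AS-REP exchange the post asks about, as an added example that is not part of the original message or of any Kerberos implementation: a toy KDC and client in Python, with PBKDF2 standing in for string2key and a SHA-256 keystream plus HMAC standing in for a real enctype. The realm, user name and password are constructed. It models only what the client checks in the AS-REP (the enc-part must decrypt and authenticate under the key derived from the client's password, and the nonce inside must equal the one sent); it does not model how the client chooses which KDC to send the request to, which is the point under discussion in the thread.

```python
"""Toy Kerberos AS exchange (constructed example, not krb5 code).

Three KDCs answer the same AS-REQ:
  - the realm's real KDC, which holds the client's long-term key;
  - a rogue KDC that never saw the client's password;
  - an attacker replaying a genuine AS-REP captured earlier.
Only the first passes the client's checks.
"""
import hashlib
import hmac
import json
import os


def string2key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string2key (RFC 3962 also uses PBKDF2, with other parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000, 32)


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    blocks = length // 32 + 1
    return b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest() for i in range(blocks))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; plays the role of a Kerberos enctype."""
    iv = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, iv, len(plaintext))))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Raises ValueError when the blob was not produced under `key`."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("enc-part integrity check failed: not encrypted under the client's key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, iv, len(ct))))


class KDC:
    """Answers AS-REQ with an AS-REP whose EncKDCRepPart is sealed under the client's key."""

    def __init__(self, realm: str, client_keys: dict):
        self.realm, self.client_keys = realm, client_keys

    def as_rep(self, as_req: dict) -> dict:
        cname = as_req["cname"]
        enc_kdc_rep_part = {
            "key": os.urandom(32).hex(),   # session key for the TGT
            "nonce": as_req["nonce"],      # must echo the client's nonce
            "sname": as_req["sname"],
            "srealm": self.realm,
        }
        blob = seal(self.client_keys[cname], json.dumps(enc_kdc_rep_part).encode())
        return {"crealm": self.realm, "cname": cname, "enc-part": blob.hex()}


class ReplayingKDC:
    """Attacker that answers every AS-REQ with a genuine AS-REP captured earlier."""

    def __init__(self, captured_as_rep: dict):
        self.captured = captured_as_rep

    def as_rep(self, as_req: dict) -> dict:
        return self.captured


def as_exchange(kdc, cname: str, realm: str, password: str) -> bytes:
    """Client side: send AS-REQ, verify the AS-REP, return the session key or raise ValueError."""
    nonce = int.from_bytes(os.urandom(4), "big")
    as_req = {"cname": cname, "realm": realm, "sname": f"krbtgt/{realm}", "nonce": nonce}
    as_rep = kdc.as_rep(as_req)
    client_key = string2key(password, realm + cname)  # default Kerberos salt: realm + name
    enc = json.loads(unseal(client_key, bytes.fromhex(as_rep["enc-part"])))
    if enc["nonce"] != nonce:
        raise ValueError("AS-REP nonce does not match AS-REQ: replayed or forged reply")
    return bytes.fromhex(enc["key"])


# Constructed test data.
REALM, USER, PASSWORD = "EXAMPLE.COM", "alice", "correct horse battery staple"


def legit_kdc() -> KDC:
    return KDC(REALM, {USER: string2key(PASSWORD, REALM + USER)})


def rogue_kdc() -> KDC:
    # Never saw alice's password, so whatever key it holds for her is the wrong one.
    return KDC(REALM, {USER: string2key("guess", REALM + USER)})


def replaying_kdc() -> ReplayingKDC:
    captured = legit_kdc().as_rep({"cname": USER, "sname": f"krbtgt/{REALM}", "nonce": 12345})
    return ReplayingKDC(captured)


def try_exchange(kdc) -> bool:
    """True if the client accepts the AS-REP from this KDC."""
    try:
        as_exchange(kdc, USER, REALM, PASSWORD)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, k in (("legit", legit_kdc()), ("rogue", rogue_kdc()), ("replay", replaying_kdc())):
        print(f"{name}: {'accepted' if try_exchange(k) else 'rejected'}")
```

The rogue KDC fails on the integrity check, because it cannot seal anything under a key it does not have; the replaying attacker passes the integrity check but fails on the nonce. Both checks are what the post refers to when it says the decrypted nonce must match the one the client supplied.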