Overview of Kerberos weaknesses?

Rick van Rein rick at openfortress.nl
Fri Nov 22 06:09:21 EST 2013


When studying Kerberos literature, I sometimes bounce into statements regarding "the well-documented shortcomings of Kerberos".

I am aware of the problems due to weak principal passwords, and of the aggravation of this risk due to the lack of Perfect Forward Secrecy.  I understand that clocks are assumed to be secure, which is rarely a fact.

What I don't know is if this is all I need to know.  I can find a few documents, but some appear really old.  Is there an overview documenting weaknesses in today's Kerberos?

