Replaying and server side caching.

Derek Atkins warlord at MIT.EDU
Fri Apr 11 11:55:53 EDT 2003

Tom Yu <tlyu at MIT.EDU> writes:

> >>>>> "darrenr" == Darren Reed \(OSE\) <Darren> writes:
> darrenr> If the attacker can re-use a TGT request that has already been sent to
> darrenr> cause a valid TGT response to come back, then the attacker can gain
> darrenr> access where perhaps they previously could not.
> The TGT response won't do an attacker much good without the session
> key.

Except that an AS-REP is encrypted in the user's long-term key,
which allows for an offline dictionary attack.

> ---Tom


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list