Replaying and server side caching.

Derek Atkins warlord at MIT.EDU
Fri Apr 11 12:47:32 EDT 2003

Nicolas Williams <Nicolas.Williams at> writes:

> On Fri, Apr 11, 2003 at 11:55:53AM -0400, Derek Atkins wrote:
> > Tom Yu <tlyu at MIT.EDU> writes:
> > > The TGT response won't do an attacker much good without the session
> > > key.
> > 
> > Except that an AS-REP is encrypted in the user's long-term key,
> > which allows for an offline dictionary attack.
> Except that if the attacker has an AS-REQ with valid enc-timestamp
> pre-auth to replay then the attacker has material encrypted in the
> user's long term key and can already mount an offline dictionary attack
> (and if pre-auth is not required then the attacker can always get a
> ticket encrypted in the user's long term key without having to capture
> and replay any AS-REQs).


> Though I suppose that it might be easier to mount a dictionary attack
> against an AS-REP's enc-part than against a pa-enc-timestamp.  Is it?

I think there is more known plaintext in the AS-REP enc-part,
but I'm not sure..

> Nico


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list