Kerberos question

Blaz Primc expertmeant at
Sat Apr 17 14:36:17 EDT 2010


reading got 
me thinking. In the article the author states:

*One part contains the random key along with the service's name, 
encrypted with the user's long-term key; the other part contains that 
same random key along with the user's name, encrypted with the service's 
long-term key.*

Couldn't an attacker do a known-plain-text attack on the second part of 
the message, because he knows what the "random key" is and by doing that 
acquire the service's long term key...?

I may be missing something, because the description is general, but how 
does Kerberos handle that?

Best regards, Blaž

More information about the krbdev mailing list