raeburn at MIT.EDU
Sat Apr 24 18:16:30 EDT 2010
On Apr 22, 2010, at 03:21, Blaz Primc wrote:
> Yes, by brute force.
> And by an attacker, I mean the legitimate user that requested the ticket
> from KDC.
> Best regards, Blaž
> On 21/04/10 23:09, Greg Hudson wrote:
>> On Sat, 2010-04-17 at 14:36 -0400, Blaz Primc wrote:
>>> Couldn't an attacker do a known-plain-text attack on the second part of
>>> the message, because he knows what the "random key" is and by doing that
>>> acquire the service's long term key...?
>> By "known-plain-text attack" you mean a brute-force key search?
With most reasonable symmetric cryptosystems in use today (i.e., not DES, which MIT is finally phasing out support for), you'd probably be talking about millennia or longer of work, even with lots of computing power available, unless some huge breakthrough is made in cracking one of the encryption algorithms. At least, that's if the random key generation is any good; this is the weak point in some crypto products, though I don't recall hearing of it affecting any modern Kerberos implementations.
Ken Raeburn / raeburn at mit.edu / no longer at MIT Kerberos Consortium