Next: Using Robust Authentication
Up: Concerns with Kerberos
Previous: Secure RPC
- A dictionary attack on the response from a Kerberos server is possible
since the ticket-granting-ticket is returned encrypted using the user's
password as a key. The response to the user contains readable information.
An attacker may capture this response and perform a dictionary attack on
it until readable plaintext is produced.
- Tickets are kept in the memory on both clients and servers. The
protection of these tickets is then left to the strength of the protection
of the systems.
- Kerberos can be susceptible to a single-point-of-failure attack since
both clients and servers must rely on a Kerberos server to be granted and to
verify tickets. The Kerberos server's ability to
authenticate users with trust essentially relies on one master key.
Fri Oct 7 16:17:21 EDT 1994