Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 1.18. Are there any known weaknesses in Kerberos?



Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.17. Are there security risks involved in cross-realm authentication?
Next Document: 1.19. What is preauthentication?
Kerberos makes no provisions for host security; it assumes that it is
running on trusted hosts with an untrusted network. If your host security is
compromised, then Kerberos is compromised as well.

However, the degree to which Kerberos is compromised depends on the host
that is compromised. If an attacker breaks into a multi-user machine and
steals all of the tickets stored on that machine, he can impersonate the
users who have tickets stored on that machine, but only until those
tickets expire.

Kerberos uses a principal's password (encryption key) as the fundamental
proof of identity. If a user's Kerberos password is stolen by an attacker,
then the attacker can impersonate that user with impunity.

Since the KDC holds all of the passwords for all of the principals in a
realm, if host security on the KDC is compromised, then the entire realm is
compromised.

In Kerberos 4, authenticators are valid for 5 minutes. If an attacker sniffs
the network for authenticators, they have a 5 minute window in which they
can re-use one and gain access to the same service you used. Kerberos 5
introduced a replay cache, which prevents any authenticator from being
accepted more than once.
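To show what the replay cache adds over the Kerberos 4 behaviour, here is a small
model of a Kerberos 5 style application server check (an added example, not code
from the FAQ or from any Kerberos implementation). It assumes the authenticator
carries the client name, ctime and cusec as in Kerberos 5, and uses 5 minutes as
the clock-skew window.

```python
import time

CLOCK_SKEW = 5 * 60  # seconds; the 5 minute authenticator lifetime from the FAQ


class ReplayCache:
    """Models an application server's authenticator check.

    use_cache=False behaves like Kerberos 4: only the timestamp is checked, so a
    sniffed authenticator is accepted again anywhere inside the skew window.
    use_cache=True adds the Kerberos 5 replay cache keyed on
    (server, client, ctime, cusec); the attacker cannot mint a fresh
    authenticator without the session key, so a replay carries the same key.
    """

    def __init__(self, skew=CLOCK_SKEW, use_cache=True):
        self.skew = skew
        self.use_cache = use_cache
        self._seen = set()  # (server, client, ctime, cusec) of accepted authenticators

    def _expunge(self, now):
        # Entries older than the skew window would fail the timestamp check
        # anyway, so they can be dropped. Linear scan is fine for a model.
        self._seen = {k for k in self._seen if now - k[2] <= self.skew}

    def check(self, server, client, ctime, cusec, now=None):
        """Return "OK", "KRB_AP_ERR_SKEW" or "KRB_AP_ERR_REPEAT"."""
        now = time.time() if now is None else now
        if abs(now - ctime) > self.skew:
            return "KRB_AP_ERR_SKEW"          # outside the 5 minute window
        if not self.use_cache:
            return "OK"                       # Kerberos 4: nothing else to check
        self._expunge(now)
        key = (server, client, ctime, cusec)
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"        # same authenticator seen before
        self._seen.add(key)
        return "OK"


if __name__ == "__main__":
    # Constructed sample: an authenticator sniffed at t0 and replayed 60s later.
    t0 = 1_000_000.0
    for v4_style in (True, False):
        rc = ReplayCache(use_cache=not v4_style)
        first = rc.check("host/svc", "alice", t0, 4711, now=t0 + 1)
        replay = rc.check("host/svc", "alice", t0, 4711, now=t0 + 61)
        print("Kerberos 4 style" if v4_style else "Kerberos 5 style", first, replay)
```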

Since anybody can request a TGT for any user, and that ticket is encrypted
with the user's secret key (password), it is simple to perform an offline
attack on this ticket by trying to decrypt it with different passwords.
Kerberos 5 introduced preauthentication to solve this problem.

An excellent critique of Kerberos is:

   * S. M. Bellovin and M. Merritt. "Limitations of the Kerberos
     Authentication System"
     <ftp://research.att.com/dist/internet_security/kerblimit.usenix.ps>

It was written for Kerberos 4, but has an appendix which also covers
Kerberos 5.

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM