[27351] in Kerberos
Re: One Time Identification, a request for comments/testing.
daemon@ATHENA.MIT.EDU (Jim Rees)
Fri Feb 2 13:23:18 2007
Date: Fri, 2 Feb 2007 10:05:09 -0500
From: Jim Rees <rees@umich.edu>
To: g.w@hurderos.org
Message-ID: <20070202150508.GB15920@citi.umich.edu>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <41189CE9-71F0-4602-A290-E708D0D6BF4F@wareonearth.com>
Cc: dev@directory.apache.org, krbdev@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
So would it be fair say this is sort of like using a smartcard in that you
need both possession of the token and knowledge of a PIN? And that the KDC
guards the PIN against brute force guessing, because each guess requires a
transaction against the KDC? So stealing the token gets the attacker
nothing?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos