[27351] in Kerberos

home help back first fref pref prev next nref lref last post

Re: One Time Identification, a request for comments/testing.

daemon@ATHENA.MIT.EDU (Jim Rees)
Fri Feb 2 13:23:18 2007

Date: Fri, 2 Feb 2007 10:05:09 -0500
From: Jim Rees <rees@umich.edu>
To: g.w@hurderos.org
Message-ID: <20070202150508.GB15920@citi.umich.edu>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <41189CE9-71F0-4602-A290-E708D0D6BF4F@wareonearth.com>
Cc: dev@directory.apache.org, krbdev@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

So would it be fair say this is sort of like using a smartcard in that you
need both possession of the token and knowledge of a PIN?  And that the KDC
guards the PIN against brute force guessing, because each guess requires a
transaction against the KDC?  So stealing the token gets the attacker
nothing?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post