[32674] in Kerberos
Re: What happens if my KDC is compromised?
daemon@ATHENA.MIT.EDU (John Hascall)
Fri Sep 17 08:16:28 2010
To: Bram Cymet <bcymet@cbnco.com>
In-reply-to: Your message of Fri, 17 Sep 2010 07:28:11 -0400.
<4C9350CB.8000002@cbnco.com>
Date: Fri, 17 Sep 2010 07:16:06 CDT
Message-ID: <4177.1284725766@malison.ait.iastate.edu>
From: John Hascall <john@iastate.edu>
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> What would be the implications if my KDC was compromised and an attacker
> got a hold of the KDB or in my case the LDAP directory storing principal
> information?
The implication is you are now well and truly f***ed.
Were I wearing a black hat, the first thing I'd do
is install a modified kadmind<1> and steal the actual
passwords it sees.
Or if I was impatient, with 'kinit -C' I'd just forge
me some tickets.
If all they got was the KDB, then they would still have
the luxury of off-line cracking.
John
<1> As an aside, in fact, many years ago I did almost this very thing.
When we were discussing increasing our minimum password strength
standards from 5-chars/2-sets I used a modified kadmind to dump, not
actual passwords, but just statistical info. As expected, most people
did the minimum: well over half the passwords were 4 lowercase letters
followed by a digit). It was a pretty trivial exercise.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
