[1769] in Kerberos_V5_Development
Re: protocol flaw (160 lines) (was: krbdev vs krbcore)
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Fri Sep 20 15:30:43 1996
Date: Fri, 20 Sep 1996 15:30:17 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: Mark Eichin <eichin@cygnus.com>
Cc: "Donald T. Davis" <don@cam.ov.com>, tytso@MIT.EDU, don@MIT.EDU, krbcore@MIT.EDU
In-Reply-To: [1768]
I'm not convinced that not returning "principal unknown" will help.
Typically, users and administrators log in from a single or a small
number of places. An attacker that is willing to watch the network
waiting for "principal unknown" messages will be just as happy to
watch those machines for krbtgt requests for a principal other than
the standard principal logging in from each machine. In fact, over
time the attacker could build up a list of known principals in the
realm and write his tool simply to flag any unknown principal from any
machine as a possible password.
Barry