|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
Packit Service |
99d1c0 |
<head>
|
|
Packit Service |
99d1c0 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
Packit Service |
99d1c0 |
<title>Addressing dictionary attack risks — MIT Kerberos Documentation</title>
|
|
Packit Service |
99d1c0 |
<link rel="stylesheet" href="../_static/agogo.css" type="text/css" />
|
|
Packit Service |
99d1c0 |
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
|
|
Packit Service |
99d1c0 |
<link rel="stylesheet" href="../_static/kerb.css" type="text/css" />
|
|
Packit Service |
99d1c0 |
<script type="text/javascript">
|
|
Packit Service |
99d1c0 |
var DOCUMENTATION_OPTIONS = {
|
|
Packit Service |
99d1c0 |
URL_ROOT: '../',
|
|
Packit Service |
99d1c0 |
VERSION: '1.18.2',
|
|
Packit Service |
99d1c0 |
COLLAPSE_INDEX: false,
|
|
Packit Service |
99d1c0 |
FILE_SUFFIX: '.html',
|
|
Packit Service |
99d1c0 |
HAS_SOURCE: true,
|
|
Packit Service |
99d1c0 |
SOURCELINK_SUFFIX: '.txt'
|
|
Packit Service |
99d1c0 |
};
|
|
Packit Service |
99d1c0 |
</script>
|
|
Packit Service |
99d1c0 |
<script type="text/javascript" src="../_static/jquery.js"></script>
|
|
Packit Service |
99d1c0 |
<script type="text/javascript" src="../_static/underscore.js"></script>
|
|
Packit Service |
99d1c0 |
<script type="text/javascript" src="../_static/doctools.js"></script>
|
|
Packit Service |
99d1c0 |
<link rel="author" title="About these documents" href="../about.html" />
|
|
Packit Service |
99d1c0 |
<link rel="index" title="Index" href="../genindex.html" />
|
|
Packit Service |
99d1c0 |
<link rel="search" title="Search" href="../search.html" />
|
|
Packit Service |
99d1c0 |
<link rel="copyright" title="Copyright" href="../copyright.html" />
|
|
Packit Service |
99d1c0 |
<link rel="next" title="Principal names and DNS" href="princ_dns.html" />
|
|
Packit Service |
99d1c0 |
<link rel="prev" title="SPAKE Preauthentication" href="spake.html" />
|
|
Packit Service |
99d1c0 |
</head>
|
|
Packit Service |
99d1c0 |
<body>
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
accesskey="C">Contents |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
accesskey="P">previous |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
accesskey="N">next |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
accesskey="I">index |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
accesskey="S">Search |
|
|
Packit Service |
99d1c0 |
feedback
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
|
|
Packit Service |
99d1c0 |
Addressing dictionary attack risks¶
|
|
Packit Service |
99d1c0 |
Kerberos initial authentication is normally secured using the client
|
|
Packit Service |
99d1c0 |
principal’s long-term key, which for users is generally derived from a
|
|
Packit Service |
99d1c0 |
password. Using a pasword-derived long-term key carries the risk of a
|
|
Packit Service |
99d1c0 |
dictionary attack, where an attacker tries a sequence of possible
|
|
Packit Service |
99d1c0 |
passwords, possibly requiring much less effort than would be required
|
|
Packit Service |
99d1c0 |
to try all possible values of the key. Even if password policy
|
|
Packit Service |
99d1c0 |
objects are used to force users not to pick trivial
|
|
Packit Service |
99d1c0 |
passwords, dictionary attacks can sometimes be successful against a
|
|
Packit Service |
99d1c0 |
significant fraction of the users in a realm. Dictionary attacks are
|
|
Packit Service |
99d1c0 |
not a concern for principals using random keys.
|
|
Packit Service |
99d1c0 |
A dictionary attack may be online or offline. An online dictionary
|
|
Packit Service |
99d1c0 |
attack is performed by trying each password in a separate request to
|
|
Packit Service |
99d1c0 |
the KDC, and is therefore visible to the KDC and also limited in speed
|
|
Packit Service |
99d1c0 |
by the KDC’s processing power and the network capacity between the
|
|
Packit Service |
99d1c0 |
client and the KDC. Online dictionary attacks can be mitigated using
|
|
Packit Service |
99d1c0 |
account lockout. This measure is not totally
|
|
Packit Service |
99d1c0 |
satisfactory, as it makes it easy for an attacker to deny access to a
|
|
Packit Service |
99d1c0 |
client principal.
|
|
Packit Service |
99d1c0 |
An offline dictionary attack is performed by obtaining a ciphertext
|
|
Packit Service |
99d1c0 |
generated using the password-derived key, and trying each password
|
|
Packit Service |
99d1c0 |
against the ciphertext. This category of attack is invisible to the
|
|
Packit Service |
99d1c0 |
KDC and can be performed much faster than an online attack. The
|
|
Packit Service |
99d1c0 |
attack will generally take much longer with more recent encryption
|
|
Packit Service |
99d1c0 |
types (particularly the ones based on AES), because those encryption
|
|
Packit Service |
99d1c0 |
types use a much more expensive string-to-key function. However, the
|
|
Packit Service |
99d1c0 |
best defense is to deny the attacker access to a useful ciphertext.
|
|
Packit Service |
99d1c0 |
The required defensive measures depend on the attacker’s level of
|
|
Packit Service |
99d1c0 |
network access.
|
|
Packit Service |
99d1c0 |
An off-path attacker has no access to packets sent between legitimate
|
|
Packit Service |
99d1c0 |
users and the KDC. An off-path attacker could gain access to an
|
|
Packit Service |
99d1c0 |
attackable ciphertext either by making an AS request for a client
|
|
Packit Service |
99d1c0 |
principal which does not have the +requires_preauth flag, or by
|
|
Packit Service |
99d1c0 |
making a TGS request (after authenticating as a different user) for a
|
|
Packit Service |
99d1c0 |
server principal which does not have the -allow_svr flag. To
|
|
Packit Service |
99d1c0 |
address off-path attackers, a KDC administrator should set those flags
|
|
Packit Service |
99d1c0 |
on principals with password-derived keys:
|
|
Packit Service |
99d1c0 |
kadmin: add_principal +requires_preauth -allow_svr princname
|