Breaking Kerberos
Page Content
Steve Lodin and Bryn Dole
Feb 23, 1996
Abstract
In the design of the Kerberos protocol, random session keys are generated and used as part of the authentication process. Kerberos uses the sessions keys as shared secrets between clients and sercers, and as the basis of establishing the authenticity of service requests. Kerberos also creates a random key to act as the Kerberos server's secret key. The security of the whole system depends on the secrecy of these keys. However, due to the way that Kerberos chooses its random keys, these secret keys can be easily guessed in a matter of seconds with no more information than which week the key was generated.In the Security Seminar on Friday, Steve Lodin and Bryn Dole will show the WRTV Channel 6 Wednesday night lead story on the Kerberos vulnerability and discuss how they discovered the vulnerability and exploited it.
© 1999-2013 Purdue University. All rights reserved.
Use/Reuse Guidelines
CERIAS Seminar materials are intended for educational, non-commercial use only and any or all commercial use is prohibited. Any use must attribute "The CERIAS Seminar at Purdue University." Opinions expressed in the recordings are not necessarily representative of the views of CERIAS or of Purdue University.
Footer
RSS Feeds
Combined XML Feed
News XML Feed Events XML Feed Weblogs XML Feed Security Seminar Podcast
Twitter: @cerias, @ceriasarchive, #cerias
CERIAS, Purdue University / Recitation Building / 656 Oval Drive / West Lafayette IN 47907-2086
phone (765)494-7841 / fax (765)496-3181
Copyright © 2013, Purdue University, all rights reserved. Purdue University is an equal access/equal opportunity university.
If you have trouble accessing this page because of a disability, please contact the CERIAS webmaster at webmaster@cerias.purdue.edu. Some content on this site may require the use of a special plug-in or application. Please visit our plug-ins page for links to download these applications.
Privacy Policy
