CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Breaking Kerberos

Steve Lodin and Bryn Dole - Purdue University

Feb 23, 1996


In the design of the Kerberos protocol, random session keys are generated and used as part of the authentication process. Kerberos uses the sessions keys as shared secrets between clients and sercers, and as the basis of establishing the authenticity of service requests. Kerberos also creates a random key to act as the Kerberos server's secret key. The security of the whole system depends on the secrecy of these keys. However, due to the way that Kerberos chooses its random keys, these secret keys can be easily guessed in a matter of seconds with no more information than which week the key was generated.
In the Security Seminar on Friday, Steve Lodin and Bryn Dole will show the WRTV Channel 6 Wednesday night lead story on the Kerberos vulnerability and discuss how they discovered the vulnerability and exploited it.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.