Ted Lemon <mellon@hoffman.vix.com> writes:

> The attack I know about that sounds like this is the one where you
> request a TGT, and then do a brute force key search to try and crack
> it. Every year, this gets cheaper and easier.

Yes.

> K5 protects against this.

In what way? RFC1510 leaves the possibility of requiring having some
kind of pre-authentication before giving out any tickets, but the last
time I looked at any implementations of Kerberos 5, this feature was
not being used.

With the salt that was added the password guessing got harder, but it
did not become impossible.

> Doing a good integration would be expensive, but IMHO it's the only
> way to go - that's what you're doing with K4 anyway, isn't it?

Yes, but integration of what? In the best of real worlds it would be
generally recognized that `Well, this Kerberos 5 thing was pretty
nice, but it sure suffered from the second systems effect. Let's go on
with making version 6.'

> K4 is more stable, which makes maintaining the integration cheaper,
> but AFAIK that's the only real advantage.

Not only this, but since the protocol is very simple, the code is not
difficult to understand (which is somewhat of a prerequisite for easy
maintenance).

/Johan