Kerberos V4: Dilip Meena 1291/06 Ece 4
Kerberos, v4 and v5
Provides
Standard
[Figure: KDC and the principals Jack, Alice, Mary, Tom, Paul, Peter, Dick, Jip, Trudi, Harry; keys labelled Kbob and Kalice.]
[Figure: Kerberos login and ticket exchange. Parties: Alice (human), Alice (PC), Key Dist. Ctr, Bob.
Labels: Alice (human) logs on to Alice (PC); Alice PC hashes Alice's password; Kalice = Ka; Alice wants to get a; Key Dist. Ctr gen.s DES Key, Kab; Ticket has Kk; Bob has Shared Secret Key with KDC, Kbob.
Messages: {Ka,{TGT;Kk}; Kak}; Bob,{TGT;Kk},{time;Ka}; {Bob,Kab,Ticket-Bob; Ka}; {time; Kab}, {Kab,Alice; Kbob} = "Ticket"; {time + 1, Kab}.]
[Figure: Master KDC, Slave KDCs and Hosts. Labels: {db;Kmaster}, Realm KDC, Replicated, Entire.]
(Hatter)
KDC
(Lion)
Lion
1
Alice
Realm
Wonderland
2
3
Dorothy
Realm
Oz
Plaintext Cipher Block Chaining (PCBC)
[Figure: IV; blocks m1, m2, m3, each passing through (+); Key; outputs c1, c2, c3.]
Password security
Originally UNIX stored a hash of each user's password in a globally readable account. This can be attacked by hashing all common words for a reverse lookup table.
Add the realm name to the password before hashing for the password database.
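The effect of adding the realm name before hashing, as an added example that is not part of the original slides. SHA-256, the length-prefixed layout, the word list and the password are assumptions or constructed data (this is not the Kerberos string-to-key function); the realm names are the ones used on the slides.

```python
import hashlib

# Constructed sample data: a tiny "common words" list.
COMMON_WORDS = ["password", "letmein", "rabbit", "dragon", "sunshine"]


def unsalted_hash(password: str) -> str:
    """Password-only hash, as in the original globally readable scheme."""
    return hashlib.sha256(password.encode()).hexdigest()


def realm_hash(password: str, realm: str) -> str:
    """Hash of the password with the realm name added before hashing.

    SHA-256 and the length prefix are assumptions for illustration,
    not the Kerberos string-to-key function.
    """
    data = len(realm).to_bytes(2, "big") + realm.encode() + password.encode()
    return hashlib.sha256(data).hexdigest()


def build_reverse_table(words, hash_fn):
    """Precompute hash -> word: the reverse lookup table described above."""
    return {hash_fn(w): w for w in words}


def audit(stored_hash: str, table: dict):
    """Return the word a table recovers for a stored hash, or None."""
    return table.get(stored_hash)


if __name__ == "__main__":
    pw = "rabbit"  # constructed weak password
    generic = build_reverse_table(COMMON_WORDS, unsalted_hash)
    print("unsalted entry vs generic table:", audit(unsalted_hash(pw), generic))
    print("Wonderland entry vs generic table:",
          audit(realm_hash(pw, "Wonderland"), generic))

    # The table has to be rebuilt per realm and does not carry over to Oz.
    wonderland = build_reverse_table(
        COMMON_WORDS, lambda w: realm_hash(w, "Wonderland"))
    print("Oz entry vs Wonderland table:", audit(realm_hash(pw, "Oz"), wonderland))
    # Caveat: a weak password still falls to a table built for its own realm.
    print("Wonderland entry vs Wonderland table:",
          audit(realm_hash(pw, "Wonderland"), wonderland))
```

The realm name stops one precomputed table from covering every realm and makes the same password hash differently in Wonderland and Oz; it does not make a dictionary word a safe password.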
Entropy of Data, H
Bonus
H = sum[i=1 to k]{Pi * log2(1/Pi)}
(bits of information per symbol)
Where:
k = number of states (or symbols)
Pi = probability of the ith state (ni/N)
If the symbols are binary numbers with 8 bits:
H = 8 -> complete disorder or randomness
H < 8 -> some order (ASCII text, H = 4-5 bits)