Kerberos 5/6

• Major drawbacks and shortcomings:

  • The KDC must be completely trusted (ìbig brotherî-property)
  • Verifiable password guessing attacks

• Any proposal to overcome these drawbacks and short-comings must use public key cryptography

• Proposal to overcome the ìbig brotherî-property:

  • Yaksha (Ganesan et al.)
  • Public key extensions for Kerberos (IETF KRB-WG)

• Proposals to protect against verifiable password guessing attacks:

  • Encrypted Key Exchange (EKE)
  • Similar proposals by Gong et al.

Previous slide

Next slide

Back to first slide

View graphic version