Kerberos holes (was Re: IPSEC == end of firewalls)
Rich Graves
llurch at networking.stanford.edu
Tue Jan 23 16:10:46 PST 1996
On Tue, 23 Jan 1996, Frank Willoughby wrote:
> At 10:30 AM 1/23/96 -0500, perry at piermont.com allegedly wrote:
> >
> >Frank Willoughby writes:
> >> While IP level security & authentication will go a long way to help
> >> prevent abuses and reduce unauthorized accesses, I doubt if it will
> >> provide enough protection by itself.
> >
> >I agree with this, but...
> >
> >> o Node Spoofing will probably still be possible
> >
> >Nope. It won't.
> >
> I disagree. I haven't met a system that couldn't somehow be gotten around.
> The creativity of hackers is succeeded only by their motivation and ability
> to put many hours into trying to solve a problem. Including the word
> "probably" was deliberate. Kerberos was also thought to be secure - 'til
> it was compromised. Software isn't bug-free & design or security
> methodologies can't provide 100% coverage. Hackers take advantage of
> this and inherent weaknesses in design flaws.
Clearly.
I keep hearing references to weaknesses in kerberos, which I more or less
rely on. What are the problems I should be worrying about? Preferably as
URLs.
Also, we have a new kerberos implementation for Macs that we're going to
roll out soon. I'll see if the project manager would be willing to let
other people take a look at it.
-rich
More information about the cypherpunks-legacy
mailing list