When analysing Kerberos exchange (and other similar ones such as Needham, Denning, etc.)
Question
When analysing the Kerberos exchange (and other similar ones such as Needham, Denning, etc.), I wonder why the first message, which contains the identities of the client and remote, is not encrypted.
If it is not encrypted, I give a possible attacker the knowledge of who I want to communicate with. As the client and KDC share the key, we can encrypt it and therefore not provide that information, which can be used as a basis for a brute-force attack using the returned encrypted message (I know 2 of the parameters).
Maybe it is a silly question, but ...
Edit: I don't mean to have IDa ciphered, but the rest of the information in the KRB_AS_REQ, for instance the IDtgs. If you keep that open, an attacker knows at least who you want to talk to, and therefore the KRB_AS_REP can be exploited.
Explanation / Answer
Encrypting the very first message sent from the client with the secret key would present significant issues for the Authentication Server. If this initial request were encrypted, the Authentication Server would not be able to determine which user made the request and therefore which secret key is needed to decrypt the same request.
This cleartext communication between client and server that you're observing is called the pre-authentication phase. This pre-authentication step was introduced in Kerberos 5 to address a weakness wherein anybody could submit a request for a TGT for any user (principal) within the realm. This ticket response was encrypted with the user's secret key/password. Once an attacker obtained this encrypted ticket, an offline attack could then be performed to ascertain the user's password by attempting to decrypt the ticket.
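The two points in the answer above, as an added example that is not part of the original answer: a simplified model of the Authentication Server's decision, showing that the cleartext client name is what selects the key, and that with pre-authentication required nothing protected by the user's key is returned until the client has proved knowledge of that key. `ToyAS`, `make_preauth` and `long_term_key` are hypothetical names; an HMAC over the timestamp stands in for the encrypted timestamp of real Kerberos, and the key derivation is a stand-in for string-to-key.

```python
import hashlib, hmac, os, time

MAX_SKEW = 300  # seconds of clock skew tolerated (assumed value: five minutes)

def long_term_key(password, principal):
    # Stand-in for string-to-key: key derived from the password, salted by the name.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 4096)

def make_preauth(key, now):
    # Client side: prove knowledge of the key over a fresh timestamp.
    # Real Kerberos encrypts the timestamp; the HMAC models the same proof.
    ts = int(now)
    return ts, hmac.new(key, str(ts).encode(), hashlib.sha256).digest()

class ToyAS:
    def __init__(self, require_preauth):
        self.require_preauth = require_preauth
        self.keys = {}  # principal name -> long-term key

    def add_principal(self, name, password):
        self.keys[name] = long_term_key(password, name)

    def as_req(self, cname, sname, preauth=None, now=None):
        now = time.time() if now is None else now
        # cname arrives in cleartext: it is the only way to pick the right key.
        key = self.keys.get(cname)
        if key is None:
            return ("KDC_ERR_C_PRINCIPAL_UNKNOWN", None)
        if self.require_preauth:
            if preauth is None:
                return ("KDC_ERR_PREAUTH_REQUIRED", None)
            ts, tag = preauth
            expected = hmac.new(key, str(ts).encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                return ("KDC_ERR_PREAUTH_FAILED", None)
            if abs(now - ts) > MAX_SKEW:
                return ("KRB_AP_ERR_SKEW", None)
        # Only at this point is material keyed with the user's secret released.
        session_key = os.urandom(16)
        reply = hmac.new(key, session_key + sname.encode(), hashlib.sha256).digest()
        return ("KRB_AS_REP", reply)
```

With `require_preauth=False` the same request for any known principal is answered directly, which is the weakness the answer describes.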