@ulysses.att.com:mischu@allegra.att.com (07/14/90)
Archive-name: kerberos-limits/13-Jul-90
Original-posting-by: @ulysses.att.com:mischu@allegra.att.com
Original-subject: Paper: Limitations of the Kerberos Authentication System
Archive-site: inet.att.com [192.20.225.2]
Archive-directory: /dist
Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti)

Michael Merritt and I have a paper on the limitations of Kerberos,
which has been submitted to Computer Communications Review. A draft,
in Postscript, is available for anonymous ftp from inet.att.com
(192.20.225.2) in ~ftp/dist/kerblimit.ps.

		--Steve Bellovin
		smb@ulysses.att.com

Abstract:

The Kerberos authentication system, a part of MIT's Project Athena,
has been adopted by other organizations. Despite Kerberos's many
strengths, it has a number of limitations and some weaknesses. Some
are due to specifics of the MIT environment; others represent
deficiencies in the protocol design. We discuss a number of such
problems, and present solutions to some of them. We also demonstrate
how special-purpose cryptographic hardware may be needed in some cases.