I&AM Kerberos / KRB-10

As a security-conscious Kerberos user, I want to get initial tickets using a password (and possibly a second factor) without exposing the password to dictionary attack.

    Details

    • Type: Story
    • Status: Moved to Trello
    • Priority: Normal
    • Resolution: Unresolved
    • Affects versions: None
    • Fix versions: krb5-1.15
    • Components: krb5
    • Labels: None

      Description

      Nathaniel McCallum is interested in creating a new pre-authentication mechanism which uses the SPAKE2 algorithm with elliptic curves to authenticate with passwords without allowing dictionary attacks. The mechanism will also allow strong, flexible integration with second-factor schemes.

      The specification of this mechanism is in progress, hosted at https://github.com/npmccallum/ietf

      Some pre-requisite facilities for this project were implemented for 1.14:

      http://k5wiki.kerberos.org/wiki/Projects/SPAKE_preauth_prereqs

            People

            • Assignee: ghudson Greg Hudson (Inactive)
            • Reporter: ghudson Greg Hudson (Inactive)