What about the weaknesses of Kerberos?
Weaknesses of Kerberos

The following are some of the potential weaknesses of Kerberos:
• The KDC can be a single point of failure. If the KDC goes down, no one can
access needed resources. Redundancy is necessary for the KDC.
• The KDC must be able to handle the number of requests it receives in a timely
manner. It must be scalable.
• Secret keys are temporarily stored on the users’ workstations, which means it
is possible for an intruder to obtain these cryptographic keys.
• Session keys are decrypted and reside on the users’ workstations, either in a
cache or in a key table. Again, an intruder can capture these keys.
• Kerberos is vulnerable to password guessing. The KDC does not know if a
dictionary attack is taking place.
• Network traffic is not protected by Kerberos if encryption is not enabled.
• If the keys are too short, they can be vulnerable to brute force attacks.
• Kerberos needs all client and server clocks to be synchronized.
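
The password-guessing item above notes that the KDC itself does not recognize a dictionary attack, so the detection has to be built on top of its logs. The following is an added example, not part of the original post: it counts pre-authentication failures per principal in a sliding window. The log line layout (loosely modelled on MIT krb5kdc AS_REQ entries), the threshold, the window and all sample data are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout, loosely modelled on MIT krb5kdc AS_REQ entries:
#   <ISO time> krb5kdc[pid](info): AS_REQ <source>: <STATUS>: <client> for <service>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) krb5kdc\[\d+\]\(info\): AS_REQ (?P<src>\S+): "
    r"(?P<status>[A-Z_]+): (?P<princ>\S+) for ")

def _line(ts, src, status, user):
    return (f"{ts.isoformat()} krb5kdc[811](info): AS_REQ {src}: {status}: "
            f"{user}@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM")

def build_sample_log():
    """Constructed sample data, not taken from a real KDC."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    sec, mins = timedelta(seconds=1), timedelta(minutes=1)
    # alice: 8 failures, 5 s apart, from one host (guessing pattern)
    lines = [_line(t0 + 5 * i * sec, "10.0.0.7", "PREAUTH_FAILED", "alice")
             for i in range(8)]
    # bob: one mistyped password, then a ticket is issued
    lines.append(_line(t0 + 12 * sec, "10.0.0.9", "PREAUTH_FAILED", "bob"))
    lines.append(_line(t0 + 20 * sec, "10.0.0.9", "ISSUE", "bob"))
    # carol: 5 failures spread over 20 minutes (never 5 within one window)
    lines += [_line(t0 + 5 * i * mins, "10.0.0.11", "PREAUTH_FAILED", "carol")
              for i in range(5)]
    return "\n".join(sorted(lines))  # ISO timestamps sort chronologically

def find_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map principal -> (peak failures in any window, sources involved)."""
    recent = defaultdict(deque)  # principal -> (time, source) of recent failures
    alerts = {}                  # principal -> (peak count, set of sources)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "PREAUTH_FAILED":
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["princ"]]
        q.append((ts, m["src"]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peak, srcs = alerts.get(m["princ"], (0, set()))
            alerts[m["princ"]] = (max(peak, len(q)), srcs | {s for _, s in q})
    return {p: (n, sorted(s)) for p, (n, s) in alerts.items()}

if __name__ == "__main__":
    print(find_guessing(build_sample_log()))
```

Failures are keyed by principal rather than by source, so guesses against one account from several hosts still add up to a single alert.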