What about weakness side of Kerberos?
Weaknesses of Kerberos The following are some of the potential weaknesses of Kerberos:
• The KDC can be a single point of failure. If the KDC goes down, no one can
access needed resources. Redundancy is necessary for the KDC.
• The KDC must be able to handle the number of requests it receives in a timely
manner. It must be scalable.
• Secret keys are temporarily stored on the users’ workstations, which means it
is possible for an intruder to obtain these cryptographic keys.
• Session keys are decrypted and reside on the users’ workstations, either in a
cache or in a key table. Again, an intruder can capture these keys.
• Kerberos is vulnerable to password guessing. The KDC does not know if a
dictionary attack is taking place.
• Network traffic is not protected by Kerberos if encryption is not enabled.
• If the keys are too short, they can be vulnerable to brute force attacks.
• Kerberos needs all client and server clocks to be synchronized.
Join John Savill and become a Hyper-V Master!
This fully-updated master class gives you 12 hours of detailed instruction on all aspects of a Hyper-V based virtualization environment.
You'll explore current capabilities in Windows Server 2012 R2 and look to the future with Windows Server 2016.
Thursdays, April 28th through May 19th
Get answers to questions, share tips, and engage with the IT professional community at myITforum.
Are you a data center professional? Join AFCOM for the best data center insights.
Looking to get things done in web development? Hot Scripts offers tens of thousands of scripts you can use.
Database administrator? dBforums offers community insight on everything from ASP to Oracle, and get the latest news from Data Center Knowledge.
Presented by John Savill
Thursdays, April 28th-May 19th
Join John Savill for this fully...
Presented by Steve Rachui
May 11th & May 18th
Enroll Now and Save 20%
Presented by Michael Otey
Tuesday, May 24th
Enroll Now and Save 15%
View CatalogView Shopping Cart
Sponsored Introduction Continue on to (or wait seconds) ×