We introduce some modifications to the widely deployed Kerberos authentication protocol. The principal's secret key is made independent of the user password, because weak passwords chosen by network principals are susceptible to password-guessing attacks, the main drawback of the Kerberos protocol. Instead, the Kerberos Distribution Center saves a profile for every instance in its realm and generates the principal's secret key by hashing the profile and encrypting the output digest. In addition, the lifetime of the secret key is controlled using the system clock. Triple-DES is used for encryption, SHA-256 for hashing, and Blum Blum Shub for random number generation.
Eman El-Emam, Magdy Koutb, Hamdy Kelash, Osama S.