Quote: synchronized clocks in Kerberos reject replay attacks without cost of challenge-response protocols; every connection has a new session-key; uses a replay cache

Quotation Skeleton

Synchronized clocks enable Kerberized applications to reject replay … The alternatives to timestamping are all variations on … [ref] … Challenge-response protocols avoid the complication of synchronizing, but … security goal. … [As well as efficiency] synchronization helps to ensure that every connection … attempt their cryptoanalysis. … To close [a] security hole [due to a five minute clock skew allowance], Kerberos introduced … minutes, the duration of the replay window. …   Google-1   Google-2

Copyright clearance needed for quotation.

Related Topics

Topic: security leaks and weaknesses (56 items)
Topic: authentication (87 items)