Kerberos has FAST for truly addressing the offline dictionary attack issues with PA-ENC-TIMESTAMP. FAST is basically tunneling, encrypting using some other ticket. With PKINIT w/ anonymous client's it's pretty easy to get this to be good enough, but Windows / AD doesn't support that, so instead you have to use a computer account to get the outer FAST tunnel's ticket, which works if you're joined to the domain, and doesn't work otherwise.
There's also work on a PAKE (zero-knowledge password proof protocol) which also solves the problem. Unfortunately the folks who worked on that did not also add an asymmetric PAKE, so the KDC still stores password equivalents :(
> Rotating the KDC/krbtgt credential is also still a nightmare.
I've done a bunch of work in Heimdal to make key rotation not a nightmare. But yeah, AD needs to copy that. I think the RedHat FreeIPA people are working on similar ideas.
> That's a nice dream, but in reality 20 years from know there will still be domain controllers on enterprise networks.
SSPI and Kerberos are super entrenched in the Windows architecture. IMO MSFT should build an SSP that uses JWTs over TLS, using PKI for server auth and JWT for client auth, using Kerberos principal names as claims in the JWTs and using the PKINIT SAN in server certs to keep all the naming backwards compatible. To get at the "PAC" they should just have servers turn around and ask a nearby DC via NETLOGON.
Do you now if FAST and the work on PAKE is available for use in AD?
Heimdal looks very cool, I'm reading up on it to learn about it a bit more. Also, nice work on the SEO! On ddg, searching for "Heimdal" gives your site as the #1 result, beating even wikipedia for the namesake.
Active Directory does support FAST. It also supports tunneling over HTTPS, which also buys protection for weak pre-authentication mechanisms.
Idk about AD and PAKE.
Heimdal is really cool, though currently a bit on the abandonware side, but I'm working on a huge PR that should lead to us doing an 8.0 release with lots of pent-up and very cool features.
What's most cool about Heimdal is the build-a-compiler-for-it ethic that its Swedish creators brought to it. That's why it has a very nice ASN.1 compiler. That's why it has three other internal compilers, one for com_err-style error definition files, one for certificate selection queries, and one for sub-commands and their command-line options.
There's also work on a PAKE (zero-knowledge password proof protocol) which also solves the problem. Unfortunately the folks who worked on that did not also add an asymmetric PAKE, so the KDC still stores password equivalents :(
> Rotating the KDC/krbtgt credential is also still a nightmare.
I've done a bunch of work in Heimdal to make key rotation not a nightmare. But yeah, AD needs to copy that. I think the RedHat FreeIPA people are working on similar ideas.
> That's a nice dream, but in reality 20 years from know there will still be domain controllers on enterprise networks.
SSPI and Kerberos are super entrenched in the Windows architecture. IMO MSFT should build an SSP that uses JWTs over TLS, using PKI for server auth and JWT for client auth, using Kerberos principal names as claims in the JWTs and using the PKINIT SAN in server certs to keep all the naming backwards compatible. To get at the "PAC" they should just have servers turn around and ask a nearby DC via NETLOGON.