Back to index

Limitations of the Kerberos Authentication System

Steven M. Bellovin and Michael Merritt, AT&T Bell Labs

One-line summary: Kerberos IV is widely distributed and security is becoming more important, so we need to evaluate its limitations (lack of features) and weaknesses (attack vulnerabilities), given that it's being used in some systems whose underlying assumptions differed from MIT Athena's. Some problems are fixed in proposed Kerberos V, but not all, and others are introduced through new mechanisms that have not been thoroughly analyzed for security.

Overview/Main Points

Weaknesses/Limitations (version 4 and 5) Weaknesses in proposed version 5 additions Recommendations Other


Kerberos IV is widely disseminated, so even the limitations/weaknesses fixed in version 5 are worth addressing. Also, important to note that, just as for sof tware correctness, any nontrivial change to the system results in a whole new system whose security properties must be re-derived "from first principles", or risk introducing security holes.


Some of the limitations in Kerberos IV stem from its initial assumptions in the MIT Athena environment, and some of the formal techniques for security verification that lead to the discovery of certain attacks were not widely known when it was designed. The attacks described on Kerberos 5 suggest that a thorough verification using formal methods would be wise.

Back to index