Comments by "Lawrence D’Oliveiro" (@lawrencedoliveiro9104) on "Taming Kerberos - Computerphile" video.

  1. The separation between the S and T servers is the separation between authentication (proving you are who you say you are, done by S) and authorization (what services you are allowed to access, controlled by T). Each one can be updated independently.
    253
  2. And “Fido” (faithful one) I think was a Latin tradition.
    9
  3. That’s called “key management”. It’s an entirely separate issue. Perhaps you do it by turning up in person at the registration centre with suitable ID.
    2
  4.  @the_hanged_clown  Classical Latin “C” and greek “K” are both pronounced like “K” in English. For a long time, English speakers seem to have had some trouble pronouncing words from other languages and peoples, so they would “anglicize” them. Nowadays, since English speakers themselves are from so many other languages and peoples, you’d think this effect would have lessened somewhat.
    2
  5.  @hanelyp1  Shared-secret authentication does depend on only the right parties, and nobody else, sharing the secret. How else would it work?
    2
  6.  @eddievhfan1984  The server doesn’t need any tickets; only the client does.
    1
  7. A never gets that key. It only gets tickets encrypted with that key.
    1
  8. In other words, Active Directory is less secure than true Kerberos?
    1
  9. 8:30 And you can also verify n[a], to guard against fraudulent responses.
    1
  10. That has already been set up.
    1
  11. Maybe a more general one on the meaning of “technical debt” ...
    1
  12. Is there an example of a quantum computer cracking this?
    1
  13. 0:37 Maybe use the term “secret-key” cryptography instead. “Symmetric” sounds too much like stream-xor, where encryption and decryption are the same algorithm. Just to be clear on terms: “Private” -- something that only you know, and nobody else. “Secret” -- something only known to those who are authorized to know it.
    1
  14. 3:20 I don’t know where you get the idea that quantum computers are going to have better luck at cracking public/private-key encryption than secret-key encryption. Currently they have proven completely useless at doing anything encryption-related, or indeed anything number-theoretic, at all.
    1
  15. Quantum computing is based crucially on the assumption that, for a linear increase in processing elements, you can get an exponential increase in processing power. This seems to come from someone taking too seriously the “many-worlds” mumbo-jumbo (mis)interpretation of quantum mechanics. It’s essentially just “something for nothing” snake oil.
    1
  16.  @NyanSten  What has worked, exactly? Has a quantum computer actually performed any number-theoretic calculation?
    1
  17. See 12:22
    1
  18. All keys involving A except the one for initially communicating with S would have to be short-term, generated on the fly.
    1
  19. That’s part of the setup of B.
    1
  20. All keys not involving A would be long-term.
    1
  21. A password is a shared secret.
    1
  22. You can also have different people/departments having access to the two.
    1