Which
of the following schemes is used by the Kerberos authentication?
A.
Public key cryptography
B.
One time password
C.
Private key cryptography
D.
OPIE
Explanation:
Kerberos authentication uses the private key cryptography. Kerberos v5 is an
authentication method used by Windows operating systems to
authenticate users and network services. Windows 2000/2003 and XP clients and servers use
Kerberos v5 as the default authentication
method. Kerberos has replaced the NT LAN Manager (NTLM) authentication method, which was less
secure. Kerberos uses mutual
authentication to verify both the identity of the user and network services. The Kerberos
authentication process is transparent to the users.
Note: Kerberos v5 is not supported on Windows XP Home clients or on any clients that are not
members of an Active Directory domain.
Answer option A is incorrect. Kerberos does not support public key cryptography.
Answer option B is incorrect. Time-synchronized one-time password (OTP) is usually related to a
piece of hardware called a token (e.g., each
user is given a personal token that generates a one-time password). Inside the token is an accurate
clock that has been synchronized with
the clock on the proprietary authentication server. On these OTP systems, time is an important part
of the password algorithm since the
generation of new passwords is based on the current time rather than, or in addition to, the
previous password or a secret key. This token
may be a proprietary device for sale, or a mobile phone or similar mobile device which runs software
that is proprietary, freeware, or opensource.
Answer option D is incorrect. OPIE is the initialism of “One time Passwords In Everything”. Opie is a
mature, Unix-like login and password
package installed on the server and the client which makes untrusted networks safer against
password-sniffing packet-analysis software like
dSniff and safe against Shoulder surfing. It works by circumventing the delayed attack method
because the same password is never usedtwice after installing Opie. OPIE implements a one-time password (OTP) scheme based on S/key,
which will require a secret passphrase (not
echoed) to generate a password for the current session.