I love how Mike Pound explains cryptography. He's my favorite guy of all Computerphile, next to Tom Scott, that is.

8:08 "My very well drawn curly brackets" -- damn right those are well drawn! That will make it extra secure.

3:07 - “It’s an absolute mess”. Actually, it’s a full mesh! ... I will show myself out ...

The separation between the S and T servers is the separation between _authentication_ (proving you are who you say you are, done by S) and _authorization_ (what services you are allowed to access, controlled by T). Each one can be updated independently.

"B is just sitting on the network waiting for people to talk to it" Same, B, same.

Would love to see Dr. Mike Pound do a video on JSON Web Tokens!!

This is HANDS DOWN the BEST description of how Kerberos works. Straight forward, easy to understand. I feel like I truly understand it now, vs just having a general idea of what it does. Thanks so much for this great content!!❤❤❤

12:48 I can just picture a lonely server spinning up disks that have been idle for years, like oh yea someone still wants me 😂

Hands-down the best explanation I've seen about kerberos auth mechanism on the internet.

3:01 Kerberos and mike draws a pentagram lol

The best and most in depth explanation of the Kerbaros protocol on KZbin. Thank you!

I can't say this enough. I LOVE this channel and how well everything is explained! Dr. Pounds videos are my favorite as he's just so likable and amazing at his explanations. Keep up the amazing work everyone!

first heard of Kerberos nearly 30 years ago but never used it, this is the first time I've actually gotten a high-level overview that was super easy to understand - thank you!

Thank you so much Mike for these videos. I'm taking the security + right now and I would be lost without you. Your video's really help to solidify the text.

It was nice to see this overview again. I had to learn to setup a KDC and do all this ticketing stuff for my RHCE certification. It was good to know, so I have a better understanding of what's going on behind the scenes.

This is a decent retro perspective on hard coding server based authority networking. Thank you for your efforts. Back in the early nineties we used this with Norvell for user based authentication for both bridges and simple internal routing via IPX. Cool to see it being reimplimated for wide distribution systems. Our biggest concern back then was Chatterbox, inbound exchanges outside of our secured internal networks with disparate network protocols. IP was not a standard like today.

Thank you. This was a great description of Kerberos. I wish I had had it many years ago when I read the original paper.

What an elegant design! And well explained Professor!

This is a brilliant explanation! I've been working with KRB (MIT and Heimdal) and OpenAFS for a decade, but recently moved to (samba) AD. Kerberos is my friend! The most common failure of both is clock offsets! If the lifetime doesn't match or the timestamp is in the future, it throws funnies. never had any serious issues in those 10 years. KDCs just keep on working

Such a beautiful topic. Amazingly explained!

It is worth mentioning that in AD, the authorization is split between the ticket granting service and the target resource (in this case the file server). The ticket will also carry information about group membership, which will allow the file server to determine whether the user trying to access it is allowed, or is a member of a group that is allowed to access the server. Also worth mentioning that because of all these timestamps floating around, it is imperative that all these systems have the same time.

Really good Kerberos overview! Nice job.

I've been waiting for the video!

So clear and helpful, thank you Mike once again.

Woo, finally something I'm close to understanding and actually has something to do with my work.

brilliant mechanism and brilliant explaination , thank you.

Your videos are the reason why I'm subscribed to this channel

I am so glad I can watch videos made by geniuses. And I admire your modesty as well.

I like Mikes videos! Keep it up Computerphile!

A wonderful video on how Kerberos works!

This video helped in me in understanding kerberos in expert level...thanks for the very clear explanation i was able to finish my assignment because of this

Got to say your excellent in the way you explain, not that you need it but a big thumbs up from me . 👍🏻

For those wondering why the timestamp T is necessary throughout most of the video, wait until near the end where Mike explains that it's a way to defend against an imposter. It's perfectly understandable why this was discussed only near the end (13:53). Be patient, it's explained in the video.

Your best video Mike.

Dr. Pound at home? Checks out. That is almost certainly the home decor of a computer scientist ;)

Nice quality "at home" video! Quite a rarity at the moment!

Dr Mike ... please do a similar video for SAML [2.0] and federated identity management! You make everything so clear.

Great explanation as always. I've also made a few videos about kerberos myself recently, mainly demonstrating some of the ways to circumvent the security of it. Oh and one small correction: in active directory its not the authentication server or KDC that decides if the user is allowed to access the service its requesting a ticket for - its up to the service on the file server etc to decide if the user is allowed in or not. All the KDC does is "guarantee" that the user is who they say they are. So yeah any user can request a ticket for any service that supports kerberos auth, which is a bit of a security issue because now anyone can get hold of some data that was encrypted using the password of the user account running that service, and they can then brute force that offline to get the password.

brilliantly explained, thank you

Really well explained, thanks!

Great video, so well put and easy to understand. I imagine this is how Jared would look if he had decided to go down the tech road and not biz dev.

One day, after doing a lot of reading and research, I nearly completely understood Kerberos. The next day, I’ve already forgotten most of it again...

Amazing teacher. Thank you!

Thanks Dr Mike!!!

Great video, love the intuitive examples! just a quick note, Kerberos doesn't require a password for every client, it does however require a shared key with the KDC as you explained. and in various cases the client doesn't have an actual password, they just have a a shared secret (active directory magic), virtual machines in the cloud for example. and if a third party sends the KDC a request in a valid client's name, the KDC will answer anyway because it doesn't matter, since only the actual user can decrypt and use the answer of the KDC correct me if I'm mistaken, and Thanks for the great video! :)

Thank you, this is a great explanation! Can you do a Part 2 for this video explaining a 2-hop scenario? For example an AD user on their laptop requests data from server A, which then impersonates the AD user to request data from server B? I think many of my colleagues would watch it too.

you forget that's its a remote interview, well done! also i love a vid on my field of expertise and still has some new details for me, which causes me to tinker with AD a bit more. thanks! :)

This pattern vaguely looks like the Authorization Code Flow for OAuth 2.0. Pretty neat! 👍

I had to implement Kerberos SSO support for the software that my company makes. I had no idea what all the settings did, but now it all makes sense.

PSA: Kerberos means "Spotted One". Even millennia ago the tradition of naming your dog Spot was so strong that even the gods got in on it.

As someone else commented I would like to see a video on JSON Web Tokens. An extra plus would be if it also explained the whole refresh token mechanism which I think is much of the reason for why we are always logged in on different web services like Facebook, KZbin, etc.

Really great video, helped a lot.

this guy is amazing at explaining

Amazing video! Thank you!!

this guy is just amazing ! great explanation =)

Mike you should be a Professor at MIT or Harvard ! You are the best !

Nice video Maybe you could do a future video on Plan9 authentification mecanism/factotum and it's advantages over Kerberos :D

Where is alice, bob, charlie, and debbie these days, anyway? I heard all about their problems in school for computer science.

Awesome! Could you do one on SAML as well?

Well explained thanks!

2:57 - TFW Trying to explain computer stuff but you're actually summoning the devil. Jokes aside, thank you very much for this video. I have learned a lot from this channel in the preparation for my CISSP exam. These videos explain really things that the "official" books really don't (from my perspective).

I remember studying Kerberos and thinking I'd never understand this. Also was amazed how almost all Windows / AD / Exchange engineers I've met has not retained this knowledge!

Excellent!

I've rescued several townsfolk isolated in their homes by purging that three headed beast from their cache located in their home directory after which they were again, able to go to town and conduct business. On a different note, can you guys please talk about principle component analysis using a compressed representation or subspace neural physics. I want to hear more about it from you guys :)

great video! thank you!

Great video. Just wondering, in an Active Directory scenario does the encryption process utilize the TLS cipher suites available on the servers? Which is to say Kerberos has a dependency on the TLS protocol level and ciphers suites available on the host and server? Or does the Kerberos mechanism have it's own encryption protocol that is consistent across all Windows OS levels?

the sounds of that market freaks me out ! but great content sir !

Wonderful video! I don't get how the long term key Kas is shared between the Kerberos server and computer A.

Beautiful, now I know how ActiveRecord works!

An interesting thing that should be mentioned is that the that KaT key contains you list of group memberships so when accessing the file server it can do authorisation without contacting the domain controller.

Could you guys do a video on prime order elliptic curves and their applications in commitment schemes, and zero knowledge proofs?

every time I develop a solution and find myself having to deal with Kerberos, I look the other way because it's so scary.

What encryption does it use and did this change over the decades? How is the very first key exchanged? Any protocol (that changed over decades?) or just whatever people wanted to use (floppy, pen&paper, ... DH)?

When I saw him using a tabulation paper with those green lines I subscribed immediately 😊

There is one thing I don't get: Why does B have a long term key with T (Kbt) while A does not? Doesn't B have to go through the TGT process as well?

take a shot everytime he says ticket

8:30 And you can also verify n[a], to guard against fraudulent responses.

No offence Sean, this is the best I've seen Mike lit and at this point, I've seen most of his videos with him, from pneumonia pale to pneumonia yellow.

Just want to make sure I'm understanding the bit at 13:50 correctly. So B sends back Ta+1 to A to prove that it was able to read the message (A,Ta) using Kab that it received?

I was a bit worried at the beginning that the nonce isn't encrypted in the ticket request, but AIUI since you don't have Kas it doesn't matter, you can't decrypt Kat and get authorization to other services?

a week and a half into kerberos delegation bug, prayers appreciated

What is inside that terrarium behind you my dude?

The classic sleeve adjustment lives on in the remote world

I once had to do some Service Principal configuration & administration with Kerberos in AD. That was >10 years ago. I still have nightmares.

One thing I don't understand, why does K_at need to be generated but K_bt is long-term? Or would K_at only and immediately be generated when A joins the system and K_bt missing would imply B not being present?

Very nice explanation, but I had a couple questions if anybody could answer: 1) Why does the authentication and Ticket granting need to be done by two separate servers? Can't they be combined in a single server that authenticates and directly gives the ticket Kab? Why the additional hop to the ticket granting server (even if authentication and ticket granting services are on the same server, I am guessing this hop to the ticket granting service occurs)? This doesn't appear to be a massively expensive operation that the two services need to be separated. 2) How is the initial 'long term password' between the servers/computers exchanged? Surely that is the problem that public key encryption is needed to solve. Once both sides have a shared secret, symmetric key works just fine, but this video doesn't address how that initial password between the servers (or to the user) is exchanged securely. Thanks!

Someone who knows, correct me if i'm wrong; So basically, per-user unique keys are stored in a central server (created when they first sign up), and this key generates more keys when user wants to talk to peripherals connected to the server. (peripherals as other users etc) If this is correct, my follow up question is, while the user is signing up the first time, how is his 'password' sent over? Public Key system? Then quantum cracking over first step will get the password & decrypt all the tickets the server produces later on.

wunderbar !!

And when you register to create your account, what kind of encryption does it use? Because the creation of the account seems to be quite important as well

would be very nice if you put all those crypto/network videos into a playlist (sorry if you already did, just couldn't see it)

Have I understood correctly: B has a long term ticket from T, but A does not. Why is that? Are they exchanged without involvement from S?

Well done boss. Just a small question, if you don't mid. How can the server b validate the message comes from server a without contacting the server S?

is the ticket server AD-DC, or what that "ticket server" requires to function?

I like your content, but is there a possibility of doing something about your echo?

Just one question to fully understand this: How do encrypt a shared secret like K at symmetric and share it with T so T can decrypt the shared secret? Or is there no need to do this?

In general we look for decentralised peer to peer networks, because that ticket granting server is a central point of failure and cannot always be trusted and there a high chance of it being compromised. The industry is moving towards permissionless systems, because not even the central authority granting permission can be considered reliable when it comes to rights, as in the central authority might have a bias.

Question: Does B have a permanent Ktb key, or how did it get hold of it??

Excellent4!

How do you get SAML to work with Kerberos?

@5:50 Why use S for Authentication service and T for Ticket Service? I had to watch that twice because that acronym mix up got me. I wish you had drawn A for Authentication.