My questions is general, but in my case regards the Kerberos protocol and the communication between the client first message and the KDC.
Is there some problem in encrypting using a: (secret key XOR public nonce), instead of the reply that only use the secret client key?
That is - the key is known only to the user, but the nonce was sent public and is known to all.
Now, the reply would be encrypted using the XOR of them both.
Is there a way to manipulate this situation, maybe to use a XOR of nonce^(-1) or to send a "bad" nonce (which is good for the attacker) in order to decrypt the reply from the KDC in order to get the ticket of another user? I have a feeling that there might be something wrong here but can't think on any attack.
Thank you,
Oron
