• However, the Kerberos designers chose not to encrypting the KDC
database as a unit when it is being transferred.
• The reasons are
• The principals' master keys are stored in the database encrypted under the KDC
master key, there is no serious disclosure threat.
• An attacker could learn the names of all principals and their properties, but not their
master keys.
• The threat remains that an attacker could rearrange data in transit so that,
for example, some privileged user was given the attacker's master key (by
simply copying the encrypted key field).
• This threat is avoided by transferring the KDC database as a file in the clear
but then sending a cryptographic hash of the file in a Kerberos protected
exchange.
• The protocol itself uses timestamp which can prevent the attacker from
substituting an old version of the KDC database