Replay attack
===Kerberos protocol prevention===
The [[Kerberos (protocol)|Kerberos authentication protocol]] includes some countermeasures. In the classic case of a replay attack, a message is captured by an adversary and then replayed at a later date in order to produce an effect. For example, if a banking scheme were vulnerable to this attack, a message which results in the transfer of funds could be replayed over and over to transfer more funds than originally intended. However, the Kerberos protocol, as implemented in Microsoft Windows Active Directory, uses a scheme involving time stamps to severely limit the effectiveness of replay attacks. Messages which are past the "time to live (TTL)" are considered old and are discarded.<ref>{{Cite web|url=https://redmondmag.com/articles/2012/02/01/understanding-the-essentials-of-the-kerberos-protocol.aspx|title=Kerberos Authentication 101: Understanding the Essentials of the Kerberos Security Protocol|last=Olsen|first=Geir|date=1 February 2012|website=Redmond Magazine|language=en|access-date=2017-06-13}}</ref>

Improvements have been proposed, including the use of a triple password scheme. These three passwords are used with the authentication server, ticket-granting server, and TGS. These servers use the passwords to encrypt messages with secret [[Key (cryptography)|keys]] between the different servers. The [[encryption]] that is provided by these three keys helps prevent replay attacks.<ref>{{Cite journal|last1=Dua|first1=Gagan|title=Replay Attack Prevention in Kerberos Authentication Protocol Using Triple Password|journal=International Journal of Computer Networks & Communications|volume=5|issue=2|pages=59–70|arxiv=1304.3550|year=2013|doi=10.5121/ijcnc.2013.5205|s2cid=9715110}}</ref>
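
The time-stamp check described above can be modelled on the receiving side as follows. This is an added example, not code from the article or from any Kerberos implementation: the HMAC tag is a stand-in for encryption under the session key, and the names <code>Verifier</code> and <code>make_authenticator</code>, the sample values, and the 300-second window are assumptions. It goes one step beyond the text by also caching accepted messages, since a copy replayed inside the window passes the time check on its own.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds; assumed acceptance window (the "TTL" in the text)

def make_authenticator(session_key: bytes, client: str, ts: float) -> tuple:
    """Sender side: bind the principal name and timestamp under the session key."""
    msg = f"{client}|{ts:.6f}".encode()
    tag = hmac.new(session_key, msg, hashlib.sha256).digest()
    return client, ts, tag

class Verifier:
    """Receiver side: freshness check plus a cache of recently accepted messages."""

    def __init__(self, session_key: bytes, max_skew: float = MAX_SKEW):
        self.key = session_key
        self.max_skew = max_skew
        self.seen = {}  # (client, ts) -> time after which the entry can be dropped

    def check(self, authenticator: tuple, now: float) -> str:
        client, ts, tag = authenticator
        msg = f"{client}|{ts:.6f}".encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad integrity tag"
        # Stale (or far-future) messages are discarded outright.
        if abs(now - ts) > self.max_skew:
            return "reject: outside time window"
        # Drop cache entries that the time check alone would now reject.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        # A copy replayed inside the window passes the time check, so remember it.
        if (client, ts) in self.seen:
            return "reject: replay"
        self.seen[(client, ts)] = ts + self.max_skew
        return "accept"

def demo() -> list:
    key = b"constructed-session-key"   # constructed sample value
    v = Verifier(key)
    t0 = 1_700_000_000.0               # constructed clock reading
    auth = make_authenticator(key, "alice@EXAMPLE.COM", t0)
    return [
        v.check(auth, now=t0 + 2),     # first delivery
        v.check(auth, now=t0 + 10),    # captured copy, replayed quickly
        v.check(auth, now=t0 + 900),   # captured copy, replayed late
    ]

if __name__ == "__main__":
    print(demo())
```

The cache only needs to hold entries for the length of the window, which is why the time check and the cache are used together: the window bounds how much state the receiver must keep.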