Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Sep 2012 20:30:29 +0200
From: Camille Mougey <>
Subject: Re: New formats: KRB5-18 and KRB5-23


2012/9/6 magnum <>

> On 09/06/2012 09:12 AM, Camille Mougey wrote:
>> I send you two new formats, named KRB5-18 and KRB5-23 and both tools :
>> krb5_util.patch and kdcdump2john.
> Thanks, this is now committed to git. Since it has a dependency on KRB5
> libs and headers, it is by default disabled but emits a notice when
> building, just like a couple of other formats.
>  The idea is as follows:
>> - On a KDC server, with the krb5_util patched tool, dump the unencrypted
>> database.
> I placed the README in the doc directory. I'm not sure I did the right
> thing, but I also placed the krb5-util patch there too. Maybe we should put
> it in unused/ with a notice in the readme.

Yes, I thinks its place is in unused directory.

>  - With kdcdump2john, get relevant informations and create a hash list for
>> john
>> - The 2 formats corresponds to, respectively, aes256-cts-hmac-sha1-96 (the
>> recommended format) and arcfour-hmac (faster to crack)
> Yes, a lot... here's my benchmarks, non-OMP (i7 at 2.3):
> Benchmarking: KRB5 aes256-cts-hmac-sha1-96 [32/64]... DONE
> Raw:    151 c/s real, 151 c/s virtual
> Benchmarking: KRB5 arcfour-hmac [32/64]... DONE
> Raw:    3327K c/s real, 3327K c/s virtual
>  Looking forward for your comments,
> While they work like champs on Linux, both fail self-test on OSX, although
> there are no problems nor warnings when building. I'm not sure I'll be able
> to debug that soon, maybe you or someone else can.
> magnum
> I'll see if I can find the problem too.

Thanks for commit,


Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.