Date: Fri, 7 Dec 2012 23:00:51 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: rc4-hmac parsing support + etype 17 + input format unification (Was: Re: [john-users] support for weak kerberos etypes) Moving topic to john-dev. On Thu, Dec 6, 2012 at 5:38 PM, magnum <john.magnum@...hmail.com> wrote: > On 6 Dec, 2012, at 12:53 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> On Thu, Dec 6, 2012 at 5:00 PM, magnum <john.magnum@...hmail.com> wrote: >>> Also, etype 17 would be super-easy to add (provided the only difference is the AES) to our current krb5ng and krb5ng-opencl formats if someone provides a sample pcap. It wont be any faster than etype 18 though. As far as I can read krbng2john.py, it would need to be modified to support this etype... would we also need to change the input format? Maybe add the etype as a separate field. >> >> I will extend krb5-ng (CPU format) to support etype 17 soon. This is done now. Hope my changes makes sense. >>> We could want to rename mskrb5 to krb5pa-md5 and krb5ng to krb5pa-sha1. Or would krb5pa-sha1-96 be better? >> mskrb5 to krb5pa-md5 and krb5ng to krb5pa-sha1 sounds good. New file name is "krb5pa-sha1_fmt_plug.c" >> I can make krbng2john.py output hashes in this format and add support >> for rc4-hmac. > Great! I will fix my formats as soon as krbng2john.py is updated. Perhaps I should do an opencl format for etype 23 too, especially if there are downgrade attacks possible. It will be a whole lot faster than etype 17/18. I am using the following format which is slightly different from the original. $ krb5pa $ etype $ salttype $ user $ realm $ timestamp $ checksum I will commit my changes once the attached patch get reviewed. -- Cheers, Dhiru Download attachment "0001-v3-Add-support-for-parsing-rc4-hmac-hashes-and-change-i.patch" of type "application/octet-stream" (40290 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.