Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Dec 2012 23:00:51 +0530
From: Dhiru Kholia <>
Subject: rc4-hmac parsing support + etype 17 + input format unification (Was:
 Re: [john-users] support for weak kerberos etypes)

Moving topic to john-dev.

On Thu, Dec 6, 2012 at 5:38 PM, magnum <> wrote:
> On 6 Dec, 2012, at 12:53 , Dhiru Kholia <> wrote:
>> On Thu, Dec 6, 2012 at 5:00 PM, magnum <> wrote:
>>> Also, etype 17 would be super-easy to add (provided the only difference is the AES) to our current krb5ng and krb5ng-opencl formats if someone provides a sample pcap. It wont be any faster than etype 18 though. As far as I can read, it would need to be modified to support this etype... would we also need to change the input format? Maybe add the etype as a separate field.
>> I will extend krb5-ng (CPU format) to support etype 17 soon.

This is done now. Hope my changes makes sense.

>>> We could want to rename mskrb5 to krb5pa-md5 and krb5ng to krb5pa-sha1. Or would krb5pa-sha1-96 be better?
>> mskrb5 to krb5pa-md5 and krb5ng to krb5pa-sha1 sounds good.

New file name is "krb5pa-sha1_fmt_plug.c"

>> I can make output hashes in this format and add support
>> for rc4-hmac.

> Great! I will fix my formats as soon as is updated. Perhaps I should do an opencl format for etype 23 too, especially if there are downgrade attacks possible. It will be a whole lot faster than etype 17/18.

I am using the following format which is slightly different from the original.

$ krb5pa $ etype $ salttype $ user $ realm $ timestamp $ checksum

I will commit my changes once the attached patch get reviewed.


Download attachment "0001-v3-Add-support-for-parsing-rc4-hmac-hashes-and-change-i.patch" of type "application/octet-stream" (40290 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.