Date: Sun, 18 Nov 2012 00:14:16 +0100
From: magnum <>
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18)

On 17 Nov, 2012, at 22:49 , buawig <> wrote:
>>>> I am thinking of working on the pcap parser and MiTM downgrade
>>>> attack first.
> That is great news.
>> Is this a Micro$oft-specific format? 
> aes256-cts-hmac-sha1-96 is non-MS specific,

Neither is arcfour-hmac but the known plaintext attack in mskrb5 is MS specific.

> I'd call it netkrb5-18 (as opposed to krb5-18 which is for the
> non-network/local version from Camille).

From a super quick glance, the current code is generic so I fully agree that is a good name. Does MS still use that known plaintext? If we find MS-specific attacks we can leave this netkrb5-18 generic and clone it to an MS-specific one (perhaps mskrb5-18). And if we do that, we should make the input format common to both formats so we can either attack it generically or with the plaintext attack.

