Date: Sun, 18 Nov 2012 00:14:16 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18)

On 17 Nov, 2012, at 22:49 , buawig <buawig@...il.com> wrote:
>>>> I am thinking of working on the pcap parser and MiTM downgrade
>>>> attack first.
> That is great news.
> 
>> Is this a Micro$oft-specific format? 
> 
> aes256-cts-hmac-sha1-96 is non-MS specific,

Neither is arcfour-hmac but the known plaintext attack in mskrb5 is MS specific.

> I'd call it netkrb5-18 (as opposed to krb5-18 which is for the
> non-network/local version from Camille).

From a super quick glance, the current code is generic so I fully agree that is a good name. Does MS still use that known plaintext? If we find MS-specific attacks we can leave this netkrb5-18 generic and clone it to an MS-specific one (perhaps mskrb5-18). And if we do that, we should make the input format common to both formats so we can either attack it generically or with the plaintext attack.

magnum
