Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Nov 2012 12:11:14 +0530
From: Dhiru Kholia <>
Subject: Re: cracking passwords with a kerberos traffic dump /
 aes256-cts-hmac-sha1-96 (18)

On Sat, Nov 17, 2012 at 4:43 AM, buawig <> wrote:
>> What is the value of "Encryption type" when you view the AS-REQ
>> packet in Wireshark?
>> On my setup (which is using default values) it is 18
>> (aes256-cts-hmac-sha1-96 is being used).
> Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is
> probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ.
> Nonetheless it would be great to see an implementation for
> enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture).
> Thank you for your help and numerous answers, looking forward to see
> krb5-18-traffic_fmt.c ;)

I have implemented such a format (attached) with the help of code
posted on forum and by asking "ghudson" numerous
questions on #krbdev . However, it is super slow due to use of PBKDF2
with 4096 iterations.

NOTE: Checksum implies last 12 bytes of PA_ENC_TIMESTAMP value in
AS-REQ packet. The total length of PA_ENC_TIMESTAMP should be 56 bytes
(after hex2bin conversion).

Lot of optimizations can be done (get rid of nfold operations, use
Lukas's PBKDF2 code, magnum's valid timestamp heuristics etc). I will
port this format to OpenCL soon.


View attachment "krb-ng_fmt_plug.c" of type "text/x-csrc" (13762 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.