Date: Sat, 17 Nov 2012 12:11:14 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) On Sat, Nov 17, 2012 at 4:43 AM, buawig <buawig@...il.com> wrote: >> What is the value of "Encryption type" when you view the AS-REQ >> packet in Wireshark? >> On my setup (which is using default values) it is 18 >> (aes256-cts-hmac-sha1-96 is being used). > > Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is > probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ. > > Nonetheless it would be great to see an implementation for > enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture). > > Thank you for your help and numerous answers, looking forward to see > krb5-18-traffic_fmt.c ;) I have implemented such a format (attached) with the help of code posted on insidepro.com forum and by asking "ghudson" numerous questions on #krbdev . However, it is super slow due to use of PBKDF2 with 4096 iterations. NOTE: Checksum implies last 12 bytes of PA_ENC_TIMESTAMP value in AS-REQ packet. The total length of PA_ENC_TIMESTAMP should be 56 bytes (after hex2bin conversion). Lot of optimizations can be done (get rid of nfold operations, use Lukas's PBKDF2 code, magnum's valid timestamp heuristics etc). I will port this format to OpenCL soon. -- Cheers, Dhiru View attachment "krb-ng_fmt_plug.c" of type "text/x-csrc" (13762 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.