Date: Sun, 18 Nov 2012 17:16:16 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump [implementation confirmed to work] On Sun, Nov 18, 2012 at 4:14 PM, buawig <buawig@...il.com> wrote: >> I don't think that it is necessary to modify krb-ng_fmt_plug.c to >> support M$ AD specifically as M$ AD follows RFC. > > Indeed it works, I was able to crack the known password* with you latest > krb-ng_fmt_plug.c! > > So to not have to store the plaintext passwords the KDC stores the > per-user long term AES key generated from the password via PBKDF2, correct? I don't know this. Maybe http://tools.ietf.org/html/rfc3962 has something to say about it. > To add some figures for how big the slowdown actually is on my side: > - 390 c/s (faster implementation with pw length limitation) > - 220 c/s (>16 password length support PBKDF2 implementation) Don't forget that you can use all cores by enabling OMP in the Makefile. Just wait for magnum to do his OpenCL magic ;) -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.