Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Nov 2012 17:16:16 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump
 [implementation confirmed to work]

On Sun, Nov 18, 2012 at 4:14 PM, buawig <buawig@...il.com> wrote:
>> I don't think that it is necessary to modify krb-ng_fmt_plug.c to
>> support M$ AD specifically as M$ AD follows RFC.
>
> Indeed it works, I was able to crack the known password* with you latest
> krb-ng_fmt_plug.c!
>
> So to not have to store the plaintext passwords the KDC stores the
> per-user long term AES key generated from the password via PBKDF2, correct?

I don't know this. Maybe http://tools.ietf.org/html/rfc3962 has
something to say about it.

> To add some figures for how big the slowdown actually is on my side:
> - 390 c/s (faster implementation with pw length limitation)
> - 220 c/s (>16 password length support PBKDF2 implementation)

Don't forget that you can use all cores by enabling OMP in the Makefile.

Just wait for magnum to do his OpenCL magic ;)

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.