Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Nov 2012 17:31:05 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump /
 aes256-cts-hmac-sha1-96 (18) [MS]

On Sun, Nov 18, 2012 at 5:06 PM, buawig <buawig@...il.com> wrote:
>>> Does the RFC specify how to encode the password? Is the known plaintext string included in the RFC?
>>
>> RFC doesn't mention UTF anywhere it seems . Test vectors are included
>> in https://tools.ietf.org/rfc/rfc3962.txt
>
> https://tools.ietf.org/html/rfc3961 (that defines how to define a
> Kerberos Encryption Algorithm Profile) has something about pass phrase
> encoding:
>
>    string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key)
>       This function generates a key from two UTF-8 strings and an opaque
>       octet string.  One of the strings is usually the principal's pass
>       phrase, but generally it is merely a secret string.  The other
>       string is a "salt" string intended to produce different keys from
>       the same password for different users or realms.  Although the
>       strings provided will use UTF-8 encoding, no specific version of
>       Unicode should be assumed; all valid UTF-8 strings should be
>       allowed.  Strings provided in other encodings MUST first be
>       converted to UTF-8 before applying this function.

Some more  information about this,

1. Google "Key derivation with non-ASCII characters"
2. http://pl.digipedia.org/usenet/thread/11858/3963/

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.