Date: Sun, 18 Nov 2012 17:31:05 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) [MS]

On Sun, Nov 18, 2012 at 5:06 PM, buawig <buawig@...il.com> wrote:
>>> Does the RFC specify how to encode the password? Is the known
>>> plaintext string included in the RFC?
>>
>> RFC doesn't mention UTF anywhere it seems. Test vectors are included
>> in https://tools.ietf.org/rfc/rfc3962.txt
>
> https://tools.ietf.org/html/rfc3961 (that defines how to define a
> Kerberos Encryption Algorithm Profile) has something about pass phrase
> encoding:
>
> string-to-key (UTF-8 string, UTF-8 string, opaque)->(protocol-key)
>    This function generates a key from two UTF-8 strings and an opaque
>    octet string. One of the strings is usually the principal's pass
>    phrase, but generally it is merely a secret string. The other
>    string is a "salt" string intended to produce different keys from
>    the same password for different users or realms. Although the
>    strings provided will use UTF-8 encoding, no specific version of
>    Unicode should be assumed; all valid UTF-8 strings should be
>    allowed. Strings provided in other encodings MUST first be
>    converted to UTF-8 before applying this function.

Some more information about this,

1. Google "Key derivation with non-ASCII characters"
2. http://pl.digipedia.org/usenet/thread/11858/3963/

--
Cheers,
Dhiru
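
The encoding rule quoted above, as an added example (not part of the original message and not John the Ripper's code): the PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key function, checked against two of the RFC's Appendix B test vectors and then run with other pass phrase encodings. Only the PBKDF2 stage is computed (the final DK step needs AES and is left out); the function names, the `encoding` parameter and the "pässword" sample are assumptions made for the illustration.

```python
import hashlib

# RFC 3962 Appendix B vectors: (pass phrase, salt, iteration count,
# 256-bit PBKDF2 output in hex, i.e. the value before the final DK step).
RFC3962_VECTORS = [
    ("password", "ATHENA.MIT.EDUraeburn", 1,
     "cdedb5281bb2f801565a1122b2563515"
     "0ad1f7a04bb9f3a333ecc0e2e1f70837"),
    ("\U0001D11E", "EXAMPLE.COMpianist", 50,  # g-clef, UTF-8 f0 9d 84 9e
     "6b9cf26d45455a43a5b8bb276a403b39"
     "e7fe37a0c41e02c281ff3069e1e94f52"),
]


def pbkdf2_stage(passphrase, salt, iterations, encoding="utf-8", dklen=32):
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key function.

    RFC 3961 requires UTF-8 input; `encoding` is a hypothetical knob that
    exists only to show what a different pass phrase encoding produces.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(encoding),
                               salt.encode("utf-8"), iterations, dklen)


def check_vectors():
    """True per vector when the UTF-8 derivation matches the RFC value."""
    return [pbkdf2_stage(p, s, n).hex() == want
            for p, s, n, want in RFC3962_VECTORS]


def encoding_divergence(passphrase, salt, iterations,
                        encodings=("utf-8", "latin-1", "utf-16-le")):
    """Derived hex per encoding; None if the pass phrase cannot be encoded."""
    out = {}
    for enc in encodings:
        try:
            out[enc] = pbkdf2_stage(passphrase, salt, iterations, enc).hex()
        except UnicodeEncodeError:
            out[enc] = None
    return out


if __name__ == "__main__":
    print(check_vectors())
    # Constructed sample: one non-ASCII character is enough to diverge.
    for name, value in encoding_divergence("p\u00e4ssword", "EXAMPLE.COMuser", 50).items():
        print(name, value)
```

An ASCII-only pass phrase derives the same value under UTF-8 and Latin-1, so ASCII test cases alone will not reveal an encoding mismatch in an implementation.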