Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Nov 2012 02:29:38 +0100
From: buawig <>
Subject: Re: cracking passwords with a kerberos traffic dump
 / aes256-cts-hmac-sha1-96 (18) [MS]

> As in standard Kerberos? It would surprise me a whole lot if
> Microsoft do not use the Unicode version of the password, or (even
> more likely) the 16 byte NT hash as input just like in mskrb5, as
> opposed to the plain string you use now.

Ok, this makes it clear why I was not be able to crack it. So the
outcome will be a MS specific john format (mskrb5-18).

According to a few sources MS uses the NT hash:

"Careful examination of the Windows specific implementation of Kerberos
indicates that the so called “long term secret key” is in fact the NT
hash for the account"

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.