Date: Sun, 18 Nov 2012 02:29:38 +0100 From: buawig <buawig@...il.com> To: john-users@...ts.openwall.com Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) [MS] > As in standard Kerberos? It would surprise me a whole lot if > Microsoft do not use the Unicode version of the password, or (even > more likely) the 16 byte NT hash as input just like in mskrb5, as > opposed to the plain string you use now. Ok, this makes it clear why I was not be able to crack it. So the outcome will be a MS specific john format (mskrb5-18). According to a few sources MS uses the NT hash: "Careful examination of the Windows specific implementation of Kerberos indicates that the so called “long term secret key” is in fact the NT hash for the account" http://media.blackhat.com/bh-us-12/Briefings/Duckwall/BH_US_12_Duckwall_Campbell_Still_Passing_WP.pdf http://msdn.microsoft.com/en-us/library/cc233855.aspx
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.