Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Nov 2012 10:36:25 +0100
From: magnum <>
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18) [MS]

On 18 Nov, 2012, at 9:00 , Dhiru Kholia <> wrote:
> On Sun, Nov 18, 2012 at 6:59 AM, buawig <> wrote:
>>> As in standard Kerberos? It would surprise me a whole lot if
>>> Microsoft do not use the Unicode version of the password, or (even
>>> more likely) the 16 byte NT hash as input just like in mskrb5, as
>>> opposed to the plain string you use now.
>> Ok, this makes it clear why I was not be able to crack it. So the
>> outcome will be a MS specific john format (mskrb5-18).
> I don't think that it is necessary to modify krb-ng_fmt_plug.c to
> support M$ AD specifically as M$ AD follows RFC.

Does the RFC specify how to encode the password? Is the known plaintext string included in the RFC?

This is good news but it emphasizes the need for a pcap file showing authentication with a non-ascii password. The only thing I can imagine is that Micro$oft has finally gone clever (wait... can I really imagine that?) and started using UTF-8.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.