Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fc433b551527fb782758d143625be2d6@smtp.hushmail.com>
Date: Sat, 17 Nov 2012 11:16:22 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18)

On 17 Nov, 2012, at 7:41 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Sat, Nov 17, 2012 at 4:43 AM, buawig <buawig@...il.com> wrote:
>>> What is the value of "Encryption type" when you view the AS-REQ
>>> packet in Wireshark?
>>> On my setup (which is using default values) it is 18
>>> (aes256-cts-hmac-sha1-96 is being used).
>> 
>> Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is
>> probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ.
>> 
>> Nonetheless it would be great to see an implementation for
>> enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture).
>> 
>> Thank you for your help and numerous answers, looking forward to see
>> krb5-18-traffic_fmt.c ;)
> 
> I have implemented such a format (attached) with the help of code
> posted on insidepro.com forum and by asking "ghudson" numerous
> questions on #krbdev . However, it is super slow due to use of PBKDF2
> with 4096 iterations.
> 
> NOTE: Checksum implies last 12 bytes of PA_ENC_TIMESTAMP value in
> AS-REQ packet. The total length of PA_ENC_TIMESTAMP should be 56 bytes
> (after hex2bin conversion).
> 
> Lot of optimizations can be done (get rid of nfold operations, use
> Lukas's PBKDF2 code, magnum's valid timestamp heuristics etc). I will
> port this format to OpenCL soon.

Cool. Be sure to use the PBKDF2 from current wpapsk-opencl as it uses a split kernel.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.