Message-ID: <fc433b551527fb782758d143625be2d6@smtp.hushmail.com>
Date: Sat, 17 Nov 2012 11:16:22 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: cracking passwords with a kerberos traffic dump / aes256-cts-hmac-sha1-96 (18)

On 17 Nov, 2012, at 7:41 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Sat, Nov 17, 2012 at 4:43 AM, buawig <buawig@...il.com> wrote:
>>> What is the value of "Encryption type" when you view the AS-REQ
>>> packet in Wireshark?
>>> On my setup (which is using default values) it is 18
>>> (aes256-cts-hmac-sha1-96 is being used).
>>
>> Yes, I noticed it too, it is aes256-cts-hmac-sha1-96 (18), which is
>> probably why Cain is not able to extract ENC_TIMESTAMP from AS-REQ.
>>
>> Nonetheless it would be great to see an implementation for
>> enc type 18 / aes256-cts-hmac-sha1-96 (from a traffic capture).
>>
>> Thank you for your help and numerous answers, looking forward to see
>> krb5-18-traffic_fmt.c ;)
>
> I have implemented such a format (attached) with the help of code
> posted on insidepro.com forum and by asking "ghudson" numerous
> questions on #krbdev . However, it is super slow due to use of PBKDF2
> with 4096 iterations.
>
> NOTE: Checksum implies last 12 bytes of PA_ENC_TIMESTAMP value in
> AS-REQ packet. The total length of PA_ENC_TIMESTAMP should be 56 bytes
> (after hex2bin conversion).
>
> Lot of optimizations can be done (get rid of nfold operations, use
> Lukas's PBKDF2 code, magnum's valid timestamp heuristics etc). I will
> port this format to OpenCL soon.

Cool. Be sure to use the PBKDF2 from current wpapsk-opencl as it uses a split kernel.

magnum
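
The field layout and key-stretching cost mentioned in the thread, as an added Python example that is not part of the original message or of the John the Ripper format it discusses. It assumes the default RFC 3962 salt (realm followed by principal name); the function names and the sample values are constructed for illustration, and the final DK/n-fold key derivation step is not implemented here.

```python
import hashlib

CHECKSUM_LEN = 12   # HMAC-SHA1-96 tag: last 12 bytes, per the thread
EXPECTED_LEN = 56   # total PA_ENC_TIMESTAMP length, per the thread
ITERATIONS = 4096   # PBKDF2 iteration count, per the thread


def split_pa_enc_timestamp(hex_value):
    """Split a hex-encoded PA_ENC_TIMESTAMP into (ciphertext, checksum)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != EXPECTED_LEN:
        raise ValueError(
            "expected %d bytes after hex decoding, got %d"
            % (EXPECTED_LEN, len(raw))
        )
    # Everything before the trailing tag is AES-CTS ciphertext.
    return raw[:-CHECKSUM_LEN], raw[-CHECKSUM_LEN:]


def pbkdf2_stage(password, realm, user, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA1 stage of the etype 18 string-to-key function.

    Assumption: default salt, i.e. realm concatenated with the principal
    name. The 32-byte result is an intermediate value; RFC 3962 then feeds
    it through DK with the constant "kerberos", which is omitted here.
    """
    salt = (realm + user).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt, iterations, dklen=32
    )


if __name__ == "__main__":
    # Constructed 56-byte sample, not taken from a real capture.
    sample = "00" * 44 + "ff" * 12
    ciphertext, checksum = split_pa_enc_timestamp(sample)
    print("ciphertext bytes:", len(ciphertext))
    print("checksum bytes:  ", len(checksum))
    # Constructed credentials; every guess costs 4096 HMAC-SHA1 rounds
    # per output block before the checksum can even be tested.
    key = pbkdf2_stage("example-password", "EXAMPLE.COM", "alice")
    print("intermediate key:", key.hex())
```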