Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <50BA0055.80608@gmail.com>
Date: Sat, 01 Dec 2012 14:04:21 +0100
From: buawig <buawig@...il.com>
To: john-users@...ts.openwall.com
Subject: john kerberos feature wishlist

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

this would be my feature whishlist when it comes to john's support on
kerberos matters (network only):

- - support for kerberos etype 1 (des-cbc-crc) and/or 3 (des-cbc-md5)
(this is the most important feature request in this list, as I expect
this to be *a lot* faster than etype 18 or etype 23)

- - Currently john uses the PA_ENC_TIMESTAMP (from the client's AS-REQ)
as cracking input, what if the client is not
vulnerable to downgrade attacks but the server is? Can we use the
server response to start cracking to?

- - john GPU support for kerberos etype 18
- - a tool to pre-compute PBKDF2 etype 18 AES keys (preferable via GPU)
	- input: wordlist, john rules, salt, iteration count
	- output file which contains the AES keys for the given wordlist
(with rules applied), salt and iteration count

- - john support to crack etype 18 with precomputed AES keys (instead of
passwords) using the above pre-generated AES key list as input

(I omitted features related to downgrade attacks as they are not
implemented in john)

thanks!
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJQugBVAAoJEJeRHQyF0ukM60sQAIlPwDzAXhkXeQrNizhk0BZ0
2cya0WZEYHXqApCAZts07X/4A+U+OXQknyK2wwgRbWxdJfCw8WzTd06AIU8YUiGq
J5pE+vU+03tVy+7m5qx79CyTo5xuEluHxojma6FqTypQHZLqMOucJtaPYuA4eyj3
Z4X7YnnWx2o8jeVfpKb+XPLxf9+SCM3Pe2v8x4jvo40VwgfkOuuC7qWUQXM13E4H
TWhn/UB0bnMJDzOScW1J/NRZOeKBb54oQXHJvz7SALhzLZU/uKGZzaCXJtmbnHEr
nHySR1AilXTFig4cYYTeQ3Us6IYk8tss2SacOc9E49W2wd8BH70XHwHaCNp6ioW1
WDo39rs4HZW2Pi15x8zMBGeH56tCcvKoXmhUUlkUJCIam7fBtpnTr/9zMnv3qwfr
G/+X/RG0Uppn+gVy4x4KXCo8npeQo/9Gt5Biy22/lzTx5T6EONkMJ3U+8Szn5NFm
yG9qw4k8cTDjGT2C30pTx6UOvDsOKBJ63AEjLGQgAKJ509mb7pZ1s3EzIUTlYvFZ
S8t8w4n1jiBuow57nW19kS5ZtFsHtctByncSLfnBC04qwhcUvLoSbb2QCf+9ov1V
ecxC/+8BOtQr8oXl0yoyDnt7tWMwhGRHOqRK0ZBrew7vVnRsnTtzJLY3yipkgc1D
kcyGudLOnZq2A63LoypD
=CnDK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.