[36730] in Kerberos
Re: NT hashes in krb5
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jan 20 07:35:04 2015
Message-ID: <54BD4A47.7080205@mit.edu>
Date: Mon, 19 Jan 2015 13:17:43 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: zarafeh@live.com, "kerberos@mit.edu" <kerberos@mit.edu>
In-Reply-To: <BLU175-W4250F8C5950AB751637613C04A0@phx.gbl>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 01/19/2015 02:24 AM, Zaid Arafeh wrote:
> If I have the K/M key (which is in the database) and I have the password
> for the master key, would that make extracting hashes from the database
> easier?
It is possible but not convenient; you would have to write code to do
the decryption.
> I looked at the keytab file (thnx) , unfortunately keytab files usually
> don't store the krbtgt key (which is what I am looking for )
Nothing stops you from extracting a krbtgt key to a keytab. It is true
that people do not usually store krbtgt keys in keytabs--but krbtgt keys
are also not normally NT hashes; they are normally random and do not
correspond to any password.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
