[15968] in Kerberos_V5_Development
Re: Question about FAST
daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Thu Jul 8 13:02:40 2010
Mime-Version: 1.0 (Apple Message framework v1081)
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <mailman.489.1278604987.30146.krbdev@mit.edu>
Date: Thu, 8 Jul 2010 10:02:35 -0700
Message-Id: <B962574F-3F24-408A-A3A1-3D7917D3DD56@jpl.nasa.gov>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Jul 8, 2010, at 9:03 AM, krbdev-request@mit.edu wrote:
> On Sab, 26/6/10, Greg Hudson <ghudson@MIT.EDU> wrote:
>
>> I haven't personally tried to do this, so I'm not sure why John the
>> Ripper wouldn't be working.? Note that if your user principals require
>> preauth, you'd want to attack the second AS-REQ or second AS-REP; if
>> they don't require preauth, you'd want to attack the first AS-REP.
>
> I have asked the developer of Kerberos, and the author of krb5 cracker code said that the code is unlikely to work for most current deployments of Kerberos
> Is there any idea of how to prove the vulberability of Kerberos without pre-authentication and using dictionary attack password guessing ?
John the Ripper supports single-des keys, and I think it requires an AFS3 salt as well. Neither of those are enabled by default in current installations.
Not sure what this has to do with FAST.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev