Kerberos Password Sniffing

Jim Barlow jbarlow at ncsa.uiuc.edu
Tue Dec 3 15:37:44 EST 2002


A number of years ago one of the employees here at NCSA, Von Welch, wrote
a conversion utility for Crack 5.0 which converts Kerberos 5 keys to
SPF format (krb52spf.c and mods to elcid.c).  I have used it and it works
very well.  I can try to package these up if anyone is interested.


On Sun, Dec 01, 2002 at 04:03:47AM +0000, Paul Vixie wrote:
> john at iastate.edu (John Hascall) writes:
> 
> >    This is why good password choice is *critical*.  If my password
> >    is "hello" then I will be cracked by this process in short
> >    order.  If my password is "Op+f at 1btsIstd" it is extremely unlikely
> >    this is one of the keys they have to try so I am safe.
> 
> is there a "crack" module for kerberos?  after reading the stanford paper
> about how kerberos tickets could be attacked offline, i've been wanting to
> actually try this -- no sniffing is required -- against my own kerberos db
> to look for easy to guess passwords.  probably distributed.net should run
> this as a contest or something.  but is there a kit available or would i
> have to be a black hat to get my hands on software like that?
> -- 
> Paul Vixie
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos

-- 
James J. Barlow   <jbarlow at ncsa.uiuc.edu>
Senior System/Security Engineer
National Center for Supercomputing Applications    Voice : (217)244-6403
605 East Springfield Avenue   Champaign, IL 61820   Cell : (217)840-0601
http://www.ncsa.uiuc.edu/~jbarlow                    Fax : (217)244-1987


