Paper: Feasibility of attacking Windows 2000 Kerberos Passwords

Frank O'Dwyer fod at brd.ie
Wed Mar 6 07:14:24 EST 2002


I have uploaded a paper on the feasibility of dictionary attacking/brute
forcing Windows 2000 Kerberos passwords (via sniffing the encrypted
timestamp pre-authentication data) that may be of interest.

I am aware that the vulnerability will not be news to anyone here, and the
solutions are also pretty obvious, but as far as I know this has not
received much public discussion in the context of W2K. It is also pretty
clear that the public perception of W2K Kerberos strength against this sort
of attack is not accurate.

See http://www.brd.ie/papers/w2kkrb/feasibility_of_w2k_kerberos_attack.htm

Cheers,
Frank O'Dwyer




