Paper: Feasibility of attacking Windows 2000 Kerberos Passwords
Jacques A. Vidrine
n at nectar.cc
Wed Mar 6 08:26:31 EST 2002

On Wed, Mar 06, 2002 at 12:14:24PM +0000, Frank O'Dwyer wrote:
> I have uploaded a paper on the feasibility of dictionary attacking/brute
> forcing Windows 2000 Kerberos passwords (via sniffing the encrypted
> timestamp pre-authentication data) that may be of interest.
>
> I am aware that the vulnerability will not be news to anyone here, and the
> solutions are also pretty obvious, but as far as I know this has not
> received much public discussion in the context of W2K. It is also pretty
> clear that the public perception of W2K Kerberos strength against this sort
> of attack is not accurate.
>
> See http://www.brd.ie/papers/w2kkrb/feasibility_of_w2k_kerberos_attack.htm

Funny, I wrote a paper with a similar topic earlier this year, except
that (1) it covers the PA-ENC-TIMESTAMP, AS-REP, and TGS-REP, (2)
addresses more encryption types, and (3) has numbers for an actual
password cracker. I have not yet published it --- it is being
reviewed for a conference. I was unsure about publishing the code
(both the time measurement code and of course the password cracker).
I look forward to reading yours!

--
Jacques A. Vidrine <n at nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se