Paper: Feasibility of attacking Windows 2000 Kerberos Passwords

Frank O'Dwyer fod at brd.ie
Wed Mar 6 10:55:41 EST 2002


"Nicolas Williams" <Nicolas.Williams at ubsw.com> wrote in message
news:20020306094804.C27171 at sm2p1386swk.wdr.com...
> You know it's not just Windows 2000 that uses PA-ENC-TIMESTAMP.
>
> So why the title?

I couldn't see any reason to break with the tradition of naming the paper
after what it is about, hence the title :)

The paper is not about PA-ENC-TIMESTAMP, or other implementations of it,
it's about the feasibility of getting somewhere in a real-world situation
against W2K Kerberos. It's not even exhaustive as far as that scope goes.

Obviously the attack does apply to, in fact has been derived from, attacks
on other krb5 implementations using the timestamp with other encryption
methods. Actually I did not know for sure that W2K used PA-ENC-TIMESTAMP, or
even if it used the standard AS protocol at all until I looked into it.

Cheers,
Frank.

> Nico





More information about the Kerberos mailing list