Kerberos Password Sniffing

Paul Vixie vixie at
Sat Nov 30 23:03:47 EST 2002

john at (John Hascall) writes:

>    This is why good password choice is *critical*.  If my password
>    is "hello" then I will be cracked by this process in short
>    order.  If my password is "Op+f at 1btsIstd" it is extremely unlikely
>    this is one of the keys they have to try so I am safe.

is there a "crack" module for kerberos?  after reading the stanford paper
about how kerberos tickets could be attacked offline, i've been wanting to
actually try this -- no sniffing is required -- against my own kerberos db
to look for easy to guess passwords.  probably should run
this as a contest or something.  but is there a kit available or would i
have to be a black hat to get my hands on software like that?
Paul Vixie

More information about the Kerberos mailing list