Kerberos Password Sniffing
Paul Vixie
vixie at as.vix.com
Sat Nov 30 23:03:47 EST 2002
john at iastate.edu (John Hascall) writes:
> This is why good password choice is *critical*. If my password
> is "hello" then I will be cracked by this process in short
> order. If my password is "Op+f@1btsIstd" it is extremely unlikely
> this is one of the keys they have to try so I am safe.
is there a "crack" module for kerberos? after reading the stanford paper
about how kerberos tickets could be attacked offline, i've been wanting to
actually try this -- no sniffing is required -- against my own kerberos db
to look for easy to guess passwords. probably distributed.net should run
this as a contest or something. but is there a kit available or would i
have to be a black hat to get my hands on software like that?
--
Paul Vixie