Password Salting Methods
Michael B Allen
ioplex at gmail.com
Thu May 29 22:22:10 EDT 2008
Hi,
Is there a reference anywhere that outlines the different password
salting methods used by different KDCs?
AFAICT AD w/ RC4 doesn't actually use a salt. Heimdal seems to just
use the realm and principal name concatenated together without any
separators.
What does MIT do?
What does Windows 2008 w/ AES use?
Windows 2000?
Do the salt values change depending on the enctype?
I'm interested in knowing to what degree salts can be predicted given
only the information a client preparing to issue an AS-REQ would have.
Ultimately I'm trying to reduce ETYPE_INFO(2) discovery to improve
performance and get rid of annoying Windows "preauthentication failed"
event log errors.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list