Question about FAST

Henry B. Hotz hotz at
Thu Jul 8 13:02:35 EDT 2010

On Jul 8, 2010, at 9:03 AM, krbdev-request at wrote:

> On Sab, 26/6/10, Greg Hudson <ghudson at MIT.EDU> wrote:
>> I haven't personally tried to do this, so I'm not sure why John the
>> Ripper wouldn't be working.? Note that if your user principals require
>> preauth, you'd want to attack the second AS-REQ or second AS-REP; if
>> they don't require preauth, you'd want to attack the first AS-REP.
> I have asked the developer of Kerberos, and the author of krb5 cracker code said that the code is unlikely to work for most current deployments of Kerberos 
> Is there any idea of how to prove the vulberability of Kerberos without pre-authentication and using dictionary attack password guessing ?

John the Ripper supports single-des keys, and I think it requires an AFS3 salt as well.  Neither of those are enabled by default in current installations.

Not sure what this has to do with FAST.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list