Question about FAST

Henry B. Hotz hotz at
Thu Jul 8 16:14:23 EDT 2010

I've never run JtR myself.  Just talked to people who have.  It seems to be popular at AFS installations.

My impression was that it required a dump of the kerberos database to operate.  Presumably the JtR documentation is the place to go (not me).

On Jul 8, 2010, at 12:08 PM, kristian wrote:

> On 9/7/10, Henry B. Hotz <hotz at> wrote :
> > John the Ripper supports single-des keys, and I think it requires an AFS3 salt as well.  
> > Neither of those are enabled by default in current installations.
> They claim that JTR can decrypt TGT of kerberos V5, but where can I get the AS_REP hex string to be decrypted? Instead the hex string of ticket in AS_REP always changes and the code entered in JTR must be static, I think.
> So, any idea how to decrypt AS_REP to get the ticket by performing offline dictionary attack ?

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list