Re: Using John the Ripper with Heimdal



>How about posting the reference?  I can't find it, and it's not at all
>clear to me what the patch expects.  Also it seems only to deal with
>DES3.

I was curious about that as well.  AFAICT, it wants encrypted TGTs off
the wire (I'm not sure if it just wants the encrypted part, or the
whole thing); well, I guess technically a TGT itself isn't useful for
a password cracker, it probably wants an AS-REP.

This would be useful if you were an attacker and were sniffing the wire
for responses from the KDC.  It's not so useful if you're an admin and
want to run it against an existing database.

Personally, I think running cracklib during password changes is a lot more
effective (you _do_ have a password changing policy, don't you? :-) ).

--Ken