• DocumentCode
    3300524
  • Title

    Extracting Kerberos passwords through RC4-HMAC encryption type analysis

  • Author

    Alazzawe, A. ; Alazzawe, A. ; Nawaz, Ausama ; Wijesekera, Duminda

  • Author_Institution
    George Mason Univ., Fairfax
  • fYear
    2008
  • fDate
    March 31 2008-April 4 2008
  • Firstpage
    679
  • Lastpage
    685
  • Abstract
    In this paper, we propose a system and method for obtaining Kerberos passwords by capturing a single packet, encrypted using the RC4-HMAC encryption type. We present two methods that when combined together, can reduce the time needed to crack a password by 60.2% over brute force. The first method uses known text in the preauthentication phase to skip the verification section of the decryption process. The second method precomputes some of the steps of the RC4-HMAC decryption process. We also present a novel method of eliminating the amount of space needed to store passwords in memory by using a counter to map hashes to their password.
  • Keywords
    cryptography; message authentication; Kerberos passwords; RC4-HMAC encryption; decryption; Authentication; Costs; Counting circuits; Cryptographic protocols; Cryptography;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Systems and Applications, 2008. AICCSA 2008. IEEE/ACS International Conference on
  • Conference_Location
    Doha
  • Print_ISBN
    978-1-4244-1967-8
  • Electronic_ISBN
    978-1-4244-1968-5
  • Type

    conf

  • DOI
    10.1109/AICCSA.2008.4493602
  • Filename
    4493602