Hello. I am working on a Kerberos 5 preauth password recovery tool. Part of an algorithm optimization involves checking the decrypted timestamp to make sure that it equals the year that the packet was recovered before continuing to compute a checksum. If the timestamp does not equal the year the packet was recovered, the checksum computation can be skipped for that candidate password.
However, I am still currently decrypting 18 bytes of the RC4-encrypted timestamp when I only need to decrypt 8 or maybe even 4.
the encrypted timestamp is 36 bytes long. starting at byte 15 is the actual timestamp in the format YYYYMMDDHHMMSSZ. I only need the to decrypt the year, really. But currently I only know how to decrypt the year by decrypting everything before it as such:
I have to decrypt 14 bytes I don't use at all. I was wondering if there was a way I could jump to byte 15 and only decrypt bytes 15-18, and then if the timestamp checks, go back and decrypt the entire timestamp. I am using the OpenSSL libraries. Speed is essential, which is why I am doing this in the first place. Thanks ahead of time!