Kerberos decryption, does Wireshark use subkeys?

asked 2020-06-09 16:23:02 +0000

Donlouigi91 gravatar image

updated 2020-06-10 09:31:24 +0000

Hello,

I am decrypting Kerberos traffic using a keytab file, so I can see the subkey. Does Wireshark use these subkeys automatically to decrypt further messages? Because I am not sure which key was used to encrypt the messages.

I use Wireshark in version 3.2.4

I will specify my question a bit, is the Key Derivation Function of kerberos implemented in Wireshark (RFC3961)? So that Wireshark creates keys derived from the subkeys in the background and uses them for decryption.

edit retag flag offensive close merge delete