Is there a reference anywhere that outlines the different password
salting methods used by different KDCs?

AFAICT AD w/ RC4 doesn't actually use a salt. Heimdal seems to just
use the realm and principal name concatenated together without any

What does MIT do?

What does Windows 2008 w/ AES use?

Windows 2000?

Do the salt values change depending on the enctype?

I'm interested in knowing to what degree salts can be predicted given
only the information a client preparing to issue an AS-REQ would have.

Ultimately I'm trying to reduce ETYPE_INFO(2) discovery to improve
performance and get rid of annoying Windows "preauthentication failed"
event log errors.


Michael B Allen
PHP Active Directory SPNEGO SSO