As a pentester kerberosting used to reveal a service password on about 50% of networks on the 2010s when admins were making the passwords. Today our advice to clients on kerberosting is the same as it was back then, use a password manager to generate a 21 character password for all service accounts and disabled RC4 where possible. 52^21 is quite a large key space and even at 10^10 guesses per second over a year your chances are less than 1 in a billion of a successful crack.
replyCheap Cloud storage has never returned rainbow tables to viability, right? I stopped checking sometime after I got out of the space.
replysalting defeats the rainbow table, kerberos uses PBKDF2 that defeats the rainbows
replyGood point, it's computing not cracking.
replyI will make a slight subtle distinction though. Cracking a hash doesn't mean determining what the input must have been. It means finding an input that resolves to the same hash - not necessarily the original input.