Important Notice Regarding Kerberos 4 Support in MIT Kerberos

Sam Hartman hartmans at MIT.EDU
Fri Oct 28 08:34:36 EDT 2005 

This comes from a message distributed to another list but I thought it
might be useful here too.



On January 27th of this year, the MIT Kerberos Development team
announced plans to phase out support for Kerberos 4 in MIT Kerberos,
including v4 support in Kerberos for Macintosh and Kerberos for Windows.
We strongly recommend that all sites currently using Kerberos 4 migrate
their services and users to Kerberos 5 as soon as possible.

The MIT Kerberos team is making substantial changes to the client-side
initial ticket acquisition support in the next release of Kerberos.
These changes will improve the user experience for users who get
tickets for multiple realms that do not share keys.  Because we are no
longer dedicating resources for new Kerberos 4 features, this new code
will only support Kerberos 5.  As a result, sites using Kerberos 4 will
not be able to take advantage of this new feature.  In addition, since
this feature will be replacing existing code in Kerberos for Macintosh
and Kerberos for Windows, the Kerberos 4 user experience on Windows and
Mac OS X will be noticeably worse than in previous releases.

The first major changes which impact Kerberos 4 support are currently
scheduled for krb5-1.5 (May of 2006), Kerberos for Macintosh 6.0
(which will ship with Mac OS X Leopard), and Kerberos for Windows 3.1
(approximately June 2006).  We have no plans to remove Kerberos 4
support from earlier major releases of any of our products (ie: krb5
1.4.x, KfM 5.5.x (Tiger) and KfW 3.0.x).  As a result, currently
released operating system versions (and their software updates) will
most likely continue to provide Kerberos 4 support.

We would have liked to wait for sites to migrate to Kerberos 5 on their
own before beginning the process of de-supporting Kerberos 4.
Unfortunately, whenever we asked sites why they had yet to upgrade, we
were told that in order to justify the cost of migration, they need a
firm deadline.  Hence this announcement.


The following is the announcement from January.  It was also included
in the krb5-1.4 release notes:


IMPORTANT NOTICE REGARDING KERBEROS 4 SUPPORT
=============================================

In the past few years, several developments have shown the inadequacy
of the security of version 4 of the Kerberos protocol.  These
developments have led the MIT Kerberos Team to begin the process of
ending support for version 4 of the Kerberos protocol.  The plan
involves the eventual removal of Kerberos 4 support from the MIT
implementation of Kerberos.

The Data Encryption Standard (DES) has reached the end of its useful
life.  DES is the only encryption algorithm supported by Kerberos 4,
and the increasingly obvious inadequacy of DES motivates the
retirement of the Kerberos 4 protocol.  The National Institute of
Standards and Technology (NIST), which had previously certified DES as
a US government encryption standard, has officially announced[1] its
intention to withdraw the specification of DES.

NIST's action reflects the long-held opinion of the cryptographic
community that DES has too small a key space to be secure.  Breaking
DES encryption by an exhaustive search of its key space is within the
means of some individuals, many companies, and all major governments.
Consequently, DES cannot be considered secure for any long-term keys,
particularly the ticket-granting key that is central to Kerberos.

Serious protocol flaws[2] have been found in Kerberos 4.  These flaws
permit attacks which require far less effort than an exhaustive search
of the DES key space.  These flaws make Kerberos 4 cross-realm
authentication an unacceptable security risk and raise serious
questions about the security of the entire Kerberos 4 protocol.

The known insecurity of DES, combined with the recently discovered
protocol flaws, make it extremely inadvisable to rely on the security
of version 4 of the Kerberos protocol.  These factors motivate the MIT
Kerberos Team to remove support for Kerberos version 4 from the MIT
implementation of Kerberos.

The process of ending Kerberos 4 support began with release 1.3 of MIT
Kerberos 5.  In release 1.3, the KDC support for version 4 of the
Kerberos protocol is disabled by default.  Release 1.4 of MIT Kerberos
continues to include Kerberos 4 support (also disabled by default in
the KDC), but we intend to completely remove Kerberos 4 support from
some future release of MIT Kerberos, possibly as early as the 1.5
release of MIT Kerberos.

The MIT Kerberos Team has ended active development of Kerberos 4,
except for the eventual removal of all Kerberos 4 functionality.  We
will continue to provide critical security fixes for Kerberos 4, but
routine bug fixes and feature enhancements are at an end.

We recommend that any sites which have not already done so begin a
migration to Kerberos 5.  Kerberos 5 provides significant advantages
over Kerberos 4, including support for strong encryption,
extensibility, improved cross-vendor interoperability, and ongoing
development and enhancement.

If you have questions or issues regarding migration to Kerberos 5, we
recommend discussing them on the kerberos at mit.edu mailing list.

                               References

[1] National Institute of Standards and Technology.  Announcing
     Proposed Withdrawal of Federal Information Processing Standard
     (FIPS) for the Data Encryption Standard (DES) and Request for
     Comments.  Federal Register 04-16894, 69 FR 44509-44510, 26 July
     2004.  DOCID:fr26jy04-31.

[2] Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of
     Unauthenticated Encryption: Kerberos Version 4. In Proceedings of
     the Network and Distributed Systems Security Symposium. The
     Internet Society, February 2004.
     http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf


Sam Hartman
Manager, MIT Kerberos Development Team

More information about the Kerberos mailing list