Questions about supported_enctypes

Robbie Harwood rharwood at redhat.com
Mon May 20 18:37:02 EDT 2019


Greg Hudson <ghudson at mit.edu> writes:

> On 5/18/19 10:49 PM, Dan Mahoney (Gushi) wrote:
>
>> q3: On the same note, what are others in the modern world moving to
>> with this algo being deprecated?  Is there a current recommendation?
>> If one disables des3-cbc-sha1, what versions of kerberos are you
>> effectively blackholing?
>
> Any Kerberos implementation from the last 15 or so years will support
> the aes-sha1 enctypes, so aes256-cts-hmac-sha1-96 should interoperate
> with everything you're likely to run into.  des3-cbc-sha1 doesn't see
> a lot of use because it was introduced not long before the aes-sha1
> enctypes, and because it was never implemented by Microsoft (only MIT
> krb5 and Heimdal).

A breakdown of the why and what was conducted as part of rfc8429
(https://tools.ietf.org/html/rfc8429), which you may find helpful as
well.

>> (I have no idea about apple's internal processes, or what other
>> vendors are following suit).
>
> I think Apple has traditionally been more aggressive than the rest of
> the ecosystem, having completely removed single-DES support a while
> ago and now warning about des3 and rc4.
>
> MIT krb5 is tentatively planning to remove single-DES support in 1.18
> and deprecate triple-DES.  I believe Fedora plans to remove both
> single-DES and triple-DES support in the next release.

That's correct - I'm removing 3DES/1DES wholesale in Fedora 31.  The
change page for that is
https://fedoraproject.org/wiki/Changes/krb5_crypto_modernization , but
it's mostly a re-hash of what's been said above.

Thanks,
--Robbie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20190520/99f3116d/attachment.bin


More information about the Kerberos mailing list