[draft] End of Support For Kerberos 4

Sam Hartman hartmans at MIT.EDU
Fri Aug 20 16:19:43 EDT 2004


[Comments before I send this to kerberos-announce are welcome.]

With the release of MIT Kerberos version 1.3, MIT began the process of
ending support for version 4 of the Kerberos protocol.  In the 1.3
release, we default to disabling Kerberos protocol version 4 on MIT
KDCs.

Now we announce the continuation of our plan to end support for
Kerberos 4.  This plan will continue in two phases.  First, MIT is
committed to including Kerberos 4 support in release 1.4 of MIT
Kerberos.  However we plan to remove Kerberos 4 support from some
future version of MIT Kerberos; hopefully we will be able to remove
Kerberos 4 support for the 1.5 release of MIT Kerberos.

Secondly, MIT has ended development of Kerberos 4 except for two
special projects.  The first project is to merge the Kerberos 4
implementation used on Windows into the main Kerberos 4 implementation
used on Unix and the Mac.  The second project is the eventual removal
of all Kerberos 4 functionality.  MIT will continue to provide
critical security fixes for Kerberos 4, but routine bug fixing and
feature enhancements are at an end.


We recommend any sites that have not already done so begin a migration
to Kerberos 5.  Kerberos 5 provides support for strong encryption,
extensibility, much better cross-vendor interoperability and ongoing
development and enhancement.

Over the past year, two developments have led to the critical need to
end support for Kerberos 4.  The first is the NIST decision to end
certification for the DES encryption system [1].  DES is the only
encryption supported by Kerberos 4.  Affording the equipment necessary
to break DES encryption is within the means of many companies and all
major governments.  As such, DES cannot be considered secure for any
long-term keys, especially including the ticket-granting key that is
central to Kerberos.  Secondly, protocol flaws were discovered in
Kerberos 4 [2].  These flaws make cross-realm authentication an
unacceptable security risk for Kerberos 4 and call into question the
security of the entire Kerberos 4 protocol.


We wish you all the best of luck in your migration to Kerberos 5 and
hope you enjoy the flexibility and power of the new protocol.

References

[1]  http://csrc.ncsl.nist.gov/publications/nistbul/09-02itl.pdf

[2]  Tom Yu, Sam Hartman, and Ken Raeburn.  The Perils of
     Unauthenticated Encryption: Kerberos Version 4.  In Proceedings
     of the Network and Distributed Systems Security Symposium.  The
     Internet Society, February 2004.
     http://web.mit.edu/tlyu/papers/krb4peril-ndss04.pdf