After RFC 8429: Deprecate Triple-DES (3DES) and RC4 in Kerberos

Greg Hudson ghudson at
Fri Nov 2 23:45:32 EDT 2018

On 11/01/2018 10:30 AM, Weijun Wang wrote:
> Now that RFC 8429 is published and 3DES and RC4 are deprecated, is there any plan to remove them from etype list of KDC-REQ?

For RC4, I would like Microsoft to take the lead.  3DES is our 
responsibility, and is probably not in nearly as much use (although I'd 
have to at least check if we're still using it internally at MIT), so it 
is probably not as painful to deprecate.

There is some ambiguity in how weak an enctype needs to be to qualify 
for being affected by allow_weak_crypto.  The primary concerns about 
des3-cbc-sha1 are its 64-bit block size and the fast speed of its 
string-to-key operation; both of these are far less problematic than the 
practical ability to recover a random single-DES key.  It would also be 
a shame if administrators wound up enabling DES in order to make DES3 
work (or RC4).

More information about the krbdev mailing list