After RFC 8429: Deprecate Triple-DES (3DES) and RC4 in Kerberos

Derek Atkins derek at
Mon Nov 5 10:57:50 EST 2018

Greg Hudson <ghudson at> writes:

> On 11/01/2018 10:30 AM, Weijun Wang wrote:
>> Now that RFC 8429 is published and 3DES and RC4 are deprecated, is
>> there any plan to remove them from etype list of KDC-REQ?
> For RC4, I would like Microsoft to take the lead.  3DES is our 
> responsibility, and is probably not in nearly as much use (although I'd 
> have to at least check if we're still using it internally at MIT), so it 
> is probably not as painful to deprecate.
> There is some ambiguity in how weak an enctype needs to be to qualify 
> for being affected by allow_weak_crypto.  The primary concerns about 
> des3-cbc-sha1 are its 64-bit block size and the fast speed of its 
> string-to-key operation; both of these are far less problematic than the 
> practical ability to recover a random single-DES key.  It would also be 
> a shame if administrators wound up enabling DES in order to make DES3 
> work (or RC4).

Maybe we need an "allow_very_weak_crypto" in addition to the

> krbdev mailing list             krbdev at


       Derek Atkins                 617-623-3745
       derek at   
       Computer and Internet Security Consultant

More information about the krbdev mailing list