After RFC 8429: Deprecate Triple-DES (3DES) and RC4 in Kerberos
Benjamin Kaduk
kaduk at mit.edu
Mon Nov 5 11:04:12 EST 2018
On Mon, Nov 05, 2018 at 10:57:50AM -0500, Derek Atkins wrote:
> Greg Hudson <ghudson at mit.edu> writes:
>
> > On 11/01/2018 10:30 AM, Weijun Wang wrote:
> >> Now that RFC 8429 is published and 3DES and RC4 are deprecated, is
> >> there any plan to remove them from etype list of KDC-REQ?
> >
> > For RC4, I would like Microsoft to take the lead. 3DES is our
> > responsibility, and is probably not in nearly as much use (although I'd
> > have to at least check if we're still using it internally at MIT), so it
> > is probably not as painful to deprecate.
> >
> > There is some ambiguity in how weak an enctype needs to be to qualify
> > for being affected by allow_weak_crypto. The primary concerns about
> > des3-cbc-sha1 are its 64-bit block size and the fast speed of its
> > string-to-key operation; both of these are far less problematic than the
> > practical ability to recover a random single-DES key. It would also be
> > a shame if administrators wound up enabling DES in order to make DES3
> > work (or RC4).
>
> Maybe we need an "allow_very_weak_crypto" in addition to the
> "allow_weak_crypto"?
Perhaps ... though what is keeping us from biting the bullet and just not
exposing single-DES at all (forcing sites that need it to stay on an old
software branch)?
-Ben
More information about the krbdev
mailing list