The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757

Document Type: RFC - Informational (December 2006; Errata)
Updated by: RFC 6649
Was: draft-jaganathan-rc4-hmac (individual in sec area)
Last updated: 2013-03-02
Stream: IETF
WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 4757 (Informational)
Responsible AD: Sam Hartman
Send notices to: karthikj@microsoft.com, lzhu@microsoft.com, jhutz@cmu.edu
Network Working Group                                      K. Jaganathan
Request for Comments: 4757                                        L. Zhu
Category: Informational                                        J. Brezak
                                                   Microsoft Corporation
                                                           December 2006

    The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

IESG Note

   This document documents the RC4 Kerberos encryption types first
   introduced in Microsoft Windows 2000.  Since then, these encryption
   types have been implemented in a number of Kerberos implementations.
   The IETF Kerberos community supports publishing this specification as
   an informational document in order to describe this widely
   implemented technology.  However, while these encryption types
   provide the operations necessary to implement the base Kerberos
   specification [RFC4120], they do not provide all the required
   operations in the Kerberos cryptography framework [RFC3961].  As a
   result, it is not generally possible to implement potential
   extensions to Kerberos using these encryption types.  The Kerberos
   encryption type negotiation mechanism [RFC4537] provides one approach
   for using such extensions even when a Kerberos infrastructure uses
   long-term RC4 keys.  Because this specification does not implement
   operations required by RFC 3961 and because of security concerns with
   the use of RC4 and MD4 discussed in Section 8, this specification is
   not appropriate for publication on the standards track.

Jaganathan, et al.           Informational                      [Page 1]
RFC 4757                        RC4-HMAC                   December 2006

Abstract

   The Microsoft Windows 2000 implementation of Kerberos introduces a
   new encryption type based on the RC4 encryption algorithm and using
   an MD5 HMAC for checksum.  This is offered as an alternative to using
   the existing DES-based encryption types.

   The RC4-HMAC encryption types are used to ease upgrade of existing
   Windows NT environments, provide strong cryptography (128-bit key
   lengths), and provide exportable (meet United States government
   export restriction requirements) encryption.  This document describes
   the implementation of those encryption types.
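   The abstract describes RC4 encryption paired with an HMAC-MD5 checksum. The
   following Python is an added example, not code from the RFC or from any
   Microsoft implementation, showing that construction as RFC 4757 specifies it
   for the 128-bit (non-exportable) type: the checksum is HMAC-MD5 over an 8-byte
   confounder plus the plaintext under a usage-derived key K1, and the RC4 key
   K3 is itself derived from that checksum, so the ciphertext cannot be altered
   without the checksum check failing on decryption. It assumes a 16-byte key K
   is already available (the RFC derives it as MD4 of the UTF-16LE password, a
   step not shown here) and takes the key-usage value T as a plain integer.

```python
import hashlib
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XOR keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def hmac_md5(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.md5).digest()

def rc4_hmac_encrypt(key: bytes, usage: int, plaintext: bytes, confounder=None) -> bytes:
    """RC4-HMAC (128-bit type): output is checksum(16) || RC4(K3, confounder || data).
    `key` is the 16-byte K assumed already derived; `usage` is T as a plain integer."""
    if confounder is None:
        confounder = os.urandom(8)            # fresh 8-byte random confounder
    t = usage.to_bytes(4, "little")           # key usage T, little-endian int32
    k1 = hmac_md5(key, t)                     # usage-specific key
    k2 = k1                                   # K2 == K1 for the non-exportable variant
    checksum = hmac_md5(k2, confounder + plaintext)
    k3 = hmac_md5(k1, checksum)               # RC4 key is bound to the checksum
    return checksum + rc4(k3, confounder + plaintext)

def rc4_hmac_decrypt(key: bytes, usage: int, edata: bytes) -> bytes:
    """Decrypt and verify; raises ValueError on a truncated or tampered message."""
    if len(edata) < 16 + 8:
        raise ValueError("RC4-HMAC message too short")
    k1 = hmac_md5(key, usage.to_bytes(4, "little"))
    checksum, body = edata[:16], edata[16:]
    k3 = hmac_md5(k1, checksum)
    plain = rc4(k3, body)                     # confounder || plaintext
    if not hmac.compare_digest(hmac_md5(k1, plain), checksum):
        raise ValueError("RC4-HMAC checksum mismatch")
    return plain[8:]                          # strip the confounder
```

   The check on decryption is what makes a flipped ciphertext byte detectable;
   a wrong key or a wrong usage value T fails the same way.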

Table of Contents

   1. Introduction ....................................................3
      1.1. Conventions Used in This Document ..........................3
   2. Key Generation ..................................................3
   3. Basic Operations ................................................4
   4. Checksum Types ..................................................5
   5. Encryption Types ................................................6
   6. Key Strength Negotiation ........................................8
   7. GSS-API Kerberos V5 Mechanism Type ..............................8
      7.1. Mechanism Specific Changes .................................8
      7.2. GSS-API MIC Semantics ......................................9
      7.3. GSS-API WRAP Semantics ....................................11
   8. Security Considerations ........................................15
   9. IANA Considerations ............................................15
   10. Acknowledgements ..............................................15
   11. References ....................................................16
      11.1. Normative References .....................................16
      11.2. Informative References ...................................16


1.  Introduction

   The Microsoft Windows 2000 implementation of Kerberos contains new
   encryption and checksum types for two reasons.  First, for export
   reasons early in the development process, 56-bit DES encryption could
   not be exported, and, second, upon upgrade from Windows NT 4.0 to
   Windows 2000, accounts will not have the appropriate DES keying
   material to do the standard DES encryption.  Furthermore, 3DES was
   not available for export when Windows 2000 was released, and there
   was a desire to use a single flavor of encryption in the product for
   both US and international products.

   As a result, there are two new encryption types and one new checksum
   type introduced in Microsoft Windows 2000.

   Note that these cryptosystems aren't intended to be complete,