Deprecate Triple-DES (3DES) and RC4 in Kerberos
RFC 8429
Document | Type |
RFC - Best Current Practice
(October 2018; No errata)
Also known as BCP 218
|
|
---|---|---|---|
Authors | Benjamin Kaduk , Michiko Short | ||
Last updated | 2018-10-31 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | Submitted to IESG for Publication | |
Document shepherd | Daniel Migault | ||
Shepherd write-up | Show (last changed 2017-07-11) | ||
IESG | IESG state | RFC 8429 (Best Current Practice) | |
Consensus Boilerplate | Yes | ||
Telechat date | |||
Responsible AD | Eric Rescorla | ||
Send notices to | Daniel Migault <daniel.migault@ericsson.com> | ||
IANA | IANA review state | IANA OK - Actions Needed | |
IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF) B. Kaduk Request for Comments: 8429 Akamai BCP: 218 M. Short Updates: 3961, 4120 Microsoft Corporation Category: Best Current Practice October 2018 ISSN: 2070-1721 Deprecate Triple-DES (3DES) and RC4 in Kerberos Abstract The triple-DES (3DES) and RC4 encryption types are steadily weakening in cryptographic strength, and the deprecation process should begin for their use in Kerberos. Accordingly, RFC 4757 has been moved to Historic status, as none of the encryption types it specifies should be used, and RFC 3961 has been updated to note the deprecation of the triple-DES encryption types. RFC 4120 is likewise updated to remove the recommendation to implement triple-DES encryption and checksum types. Status of This Memo This memo documents an Internet Best Current Practice. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8429. Kaduk & Short Best Current Practice [Page 1] RFC 8429 Deprecate 3DES and RC4 in Kerberos October 2018 Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3 3. Affected Specifications . . . . . . . . . . . . . . . . . . . 3 4. Affected Encryption Types . . . . . . . . . . . . . . . . . . 4 5. RC4 Weakness . . . . . . . . . . . . . . . . . . . . . . . . 4 5.1. Statistical Biases . . . . . . . . . . . . . . . . . . . 4 5.2. Password Hash . . . . . . . . . . . . . . . . . . . . . . 5 5.3. Cross-Protocol Key Reuse . . . . . . . . . . . . . . . . 5 5.4. Interoperability Concerns . . . . . . . . . . . . . . . . 6 6. Triple-DES Weakness . . . . . . . . . . . . . . . . . . . . . 6 6.1. Password-Based Keys . . . . . . . . . . . . . . . . . . . 7 6.2. Block Size . . . . . . . . . . . . . . . . . . . . . . . 7 6.3. Interoperability Concerns . . . . . . . . . . . . . . . . 7 7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 8 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 9 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Kaduk & Short Best Current Practice [Page 2] RFC 8429 Deprecate 3DES and RC4 in Kerberos October 2018 1. Introduction The triple-DES (3DES) and RC4 encryption types (enctypes) are steadily weakening in cryptographic strength, and the deprecation process should begin for their use in Kerberos. Accordingly, RFC 4757 has been moved to Historic status, as none of the encryption types it specifies should be used, and RFC 3961 has been updated to note the deprecation of the triple-DES encryption types. RFC 4120 is likewise updated to remove the recommendation to implement triple-DES encryption and checksum types. 2. Requirements Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.Show full document text