Deprecate Triple-DES (3DES) and RC4 in Kerberos
RFC 8429

Document Type RFC - Best Current Practice (October 2018; No errata)
Also known as BCP 218
Last updated 2018-10-31
Stream IETF
Formats plain text pdf html bibtex
Reviews OPSDIR will not review this version
Stream WG state Submitted to IESG for Publication
Document shepherd Daniel Migault
Shepherd write-up Show (last changed 2017-07-11)
IESG IESG state RFC 8429 (Best Current Practice)
Consensus Boilerplate Yes
Telechat date
Responsible AD Eric Rescorla
Send notices to Daniel Migault <daniel.migault@ericsson.com>
IANA IANA review state IANA OK - Actions Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                          B. Kaduk
Request for Comments: 8429                                        Akamai
BCP: 218                                                        M. Short
Updates: 3961, 4120                                Microsoft Corporation
Category: Best Current Practice                             October 2018
ISSN: 2070-1721

            Deprecate Triple-DES (3DES) and RC4 in Kerberos

Abstract

   The triple-DES (3DES) and RC4 encryption types are steadily weakening
   in cryptographic strength, and the deprecation process should begin
   for their use in Kerberos.  Accordingly, RFC 4757 has been moved to
   Historic status, as none of the encryption types it specifies should
   be used, and RFC 3961 has been updated to note the deprecation of the
   triple-DES encryption types.  RFC 4120 is likewise updated to remove
   the recommendation to implement triple-DES encryption and checksum
   types.

Status of This Memo

   This memo documents an Internet Best Current Practice.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   BCPs is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8429.

Kaduk & Short             Best Current Practice                 [Page 1]
RFC 8429           Deprecate 3DES and RC4 in Kerberos       October 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Requirements Notation . . . . . . . . . . . . . . . . . . . .   3
   3.  Affected Specifications . . . . . . . . . . . . . . . . . . .   3
   4.  Affected Encryption Types . . . . . . . . . . . . . . . . . .   4
   5.  RC4 Weakness  . . . . . . . . . . . . . . . . . . . . . . . .   4
     5.1.  Statistical Biases  . . . . . . . . . . . . . . . . . . .   4
     5.2.  Password Hash . . . . . . . . . . . . . . . . . . . . . .   5
     5.3.  Cross-Protocol Key Reuse  . . . . . . . . . . . . . . . .   5
     5.4.  Interoperability Concerns . . . . . . . . . . . . . . . .   6
   6.  Triple-DES Weakness . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Password-Based Keys . . . . . . . . . . . . . . . . . . .   7
     6.2.  Block Size  . . . . . . . . . . . . . . . . . . . . . . .   7
     6.3.  Interoperability Concerns . . . . . . . . . . . . . . . .   7
   7.  Recommendations . . . . . . . . . . . . . . . . . . . . . . .   8
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   9
     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

Kaduk & Short             Best Current Practice                 [Page 2]
RFC 8429           Deprecate 3DES and RC4 in Kerberos       October 2018

1.  Introduction

   The triple-DES (3DES) and RC4 encryption types (enctypes) are
   steadily weakening in cryptographic strength, and the deprecation
   process should begin for their use in Kerberos.  Accordingly, RFC
   4757 has been moved to Historic status, as none of the encryption
   types it specifies should be used, and RFC 3961 has been updated to
   note the deprecation of the triple-DES encryption types.  RFC 4120 is
   likewise updated to remove the recommendation to implement triple-DES
   encryption and checksum types.

2.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.
Show full document text