Deprecate Triple-DES (3DES) and RC4 in Kerberos
RFC 8429
| Document | Type |
RFC - Best Current Practice
(October 2018; No errata)
Also known as BCP 218
|
|
|---|---|---|---|
| Authors | Benjamin Kaduk , Michiko Short | ||
| Last updated | 2018-10-31 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Daniel Migault | ||
| Shepherd write-up | Show (last changed 2017-07-11) | ||
| IESG | IESG state | RFC 8429 (Best Current Practice) | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Eric Rescorla | ||
| Send notices to | Daniel Migault <daniel.migault@ericsson.com> | ||
| IANA | IANA review state | IANA OK - Actions Needed | |
| IANA action state | RFC-Ed-Ack | ||
Internet Engineering Task Force (IETF) B. Kaduk
Request for Comments: 8429 Akamai
BCP: 218 M. Short
Updates: 3961, 4120 Microsoft Corporation
Category: Best Current Practice October 2018
ISSN: 2070-1721
Deprecate Triple-DES (3DES) and RC4 in Kerberos
Abstract
The triple-DES (3DES) and RC4 encryption types are steadily weakening
in cryptographic strength, and the deprecation process should begin
for their use in Kerberos. Accordingly, RFC 4757 has been moved to
Historic status, as none of the encryption types it specifies should
be used, and RFC 3961 has been updated to note the deprecation of the
triple-DES encryption types. RFC 4120 is likewise updated to remove
the recommendation to implement triple-DES encryption and checksum
types.
Status of This Memo
This memo documents an Internet Best Current Practice.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
BCPs is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8429.
Kaduk & Short Best Current Practice [Page 1]
RFC 8429 Deprecate 3DES and RC4 in Kerberos October 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3
3. Affected Specifications . . . . . . . . . . . . . . . . . . . 3
4. Affected Encryption Types . . . . . . . . . . . . . . . . . . 4
5. RC4 Weakness . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1. Statistical Biases . . . . . . . . . . . . . . . . . . . 4
5.2. Password Hash . . . . . . . . . . . . . . . . . . . . . . 5
5.3. Cross-Protocol Key Reuse . . . . . . . . . . . . . . . . 5
5.4. Interoperability Concerns . . . . . . . . . . . . . . . . 6
6. Triple-DES Weakness . . . . . . . . . . . . . . . . . . . . . 6
6.1. Password-Based Keys . . . . . . . . . . . . . . . . . . . 7
6.2. Block Size . . . . . . . . . . . . . . . . . . . . . . . 7
6.3. Interoperability Concerns . . . . . . . . . . . . . . . . 7
7. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
10.1. Normative References . . . . . . . . . . . . . . . . . . 9
10.2. Informative References . . . . . . . . . . . . . . . . . 9
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
Kaduk & Short Best Current Practice [Page 2]
RFC 8429 Deprecate 3DES and RC4 in Kerberos October 2018
1. Introduction
The triple-DES (3DES) and RC4 encryption types (enctypes) are
steadily weakening in cryptographic strength, and the deprecation
process should begin for their use in Kerberos. Accordingly, RFC
4757 has been moved to Historic status, as none of the encryption
types it specifies should be used, and RFC 3961 has been updated to
note the deprecation of the triple-DES encryption types. RFC 4120 is
likewise updated to remove the recommendation to implement triple-DES
encryption and checksum types.
2. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Show full document text