Encryption and Checksum Specifications for Kerberos 5
RFC 3961
Document | Type |
RFC - Proposed Standard
(February 2005; Errata)
Updated by RFC 8429
|
|
---|---|---|---|
Author | Kenneth Raeburn | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3961 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | <jhutz+@cmu.edu> |
Network Working Group K. Raeburn Request for Comments: 3961 MIT Category: Standards Track February 2005 Encryption and Checksum Specifications for Kerberos 5 Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document describes a framework for defining encryption and checksum mechanisms for use with the Kerberos protocol, defining an abstraction layer between the Kerberos protocol and related protocols, and the actual mechanisms themselves. The document also defines several mechanisms. Some are taken from RFC 1510, modified in form to fit this new framework and occasionally modified in content when the old specification was incorrect. New mechanisms are presented here as well. This document does NOT indicate which mechanisms may be considered "required to implement". Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Encryption Algorithm Profile . . . . . . . . . . . . . . . . 4 4. Checksum Algorithm Profile . . . . . . . . . . . . . . . . . 9 5. Simplified Profile for CBC Ciphers with Key Derivation . . . 10 5.1. A Key Derivation Function . . . . . . . . . . . . . . . 10 5.2. Simplified Profile Parameters . . . . . . . . . . . . . 12 5.3. Cryptosystem Profile Based on Simplified Profile . . . 13 5.4. Checksum Profiles Based on Simplified Profile . . . . . 16 6. Profiles for Kerberos Encryption and Checksum Algorithms . . 16 6.1. Unkeyed Checksums . . . . . . . . . . . . . . . . . . . 17 6.2. DES-based Encryption and Checksum Types . . . . . . . . 18 6.3. Triple-DES Based Encryption and Checksum Types . . . . 28 7. Use of Kerberos Encryption Outside This Specification . . . . 30 Raeburn Standards Track [Page 1] RFC 3961 Encryption and Checksum Specifications February 2005 8. Assigned Numbers . . . . . . . . . . . . . . . . . . . . . . 31 9. Implementation Notes . . . . . . . . . . . . . . . . . . . . 32 10. Security Considerations . . . . . . . . . . . . . . . . . . . 33 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 12. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . 36 A. Test vectors . . . . . . . . . . . . . . . . . . . . . . . . 38 A.1. n-fold . . . . . . . . . . . . . . . . . . . . . . . . 38 A.2. mit_des_string_to_key . . . . . . . . . . . . . . . . . 39 A.3. DES3 DR and DK . . . . . . . . . . . . . . . . . . . . 43 A.4. DES3string_to_key . . . . . . . . . . . . . . . . . . . 44 A.5. Modified CRC-32 . . . . . . . . . . . . . . . . . . . . 44 B. Significant Changes from RFC 1510 . . . . . . . . . . . . . . 45 Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Normative References. . . . . . . . . . . . . . . . . . . . . . . 47 Informative References. . . . . . . . . . . . . . . . . . . . . . 48 Editor's Address. . . . . . . . . . . . . . . . . . . . . . . . . 49 Full Copyright Statement. . . . . . . . . . . . . . . . . . . . . 50 1. Introduction The Kerberos protocols [Kerb] are designed to encrypt messages of arbitrary sizes, using block encryption ciphers or, less commonly, stream encryption ciphers. Encryption is used to prove the identities of the network entities participating in message exchanges. However, nothing in the Kerberos protocol requires that any specific encryption algorithm be used, as long as the algorithm includes certain operations. The following sections specify the encryption and checksum mechanisms currently defined for Kerberos, as well as a framework for defining future mechanisms. The encoding, chaining, padding, and other requirements for each are described. Appendix A gives test vectors for several functions. 2. Concepts Both encryption and checksum mechanisms are profiled in later sections. Each profile specifies a collection of operations and attributes that must be defined for a mechanism. A Kerberos encryption or checksum mechanism specification is not complete if it does not define all of these operations and attributes. An encryption mechanism must provide for confidentiality and integrity of the original plaintext. (Incorporating a checksum mayShow full document text