The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757
| Document | Type |
RFC - Historic
(December 2006; Errata)
Updated by RFC 6649
Status changed by status-change-kerberos-3des-rc4-to-historic
Was draft-jaganathan-rc4-hmac (individual in sec area)
|
|
|---|---|---|---|
| Authors | Karthik Jaganathan , Larry Zhu , John Brezak | ||
| Last updated | 2020-01-21 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4757 (Historic) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sam Hartman | ||
| Send notices to | jhutz@cmu.edu | ||
Network Working Group K. Jaganathan
Request for Comments: 4757 L. Zhu
Category: Informational J. Brezak
Microsoft Corporation
December 2006
The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2006).
IESG Note
This document documents the RC4 Kerberos encryption types first
introduced in Microsoft Windows 2000. Since then, these encryption
types have been implemented in a number of Kerberos implementations.
The IETF Kerberos community supports publishing this specification as
an informational document in order to describe this widely
implemented technology. However, while these encryption types
provide the operations necessary to implement the base Kerberos
specification [RFC4120], they do not provide all the required
operations in the Kerberos cryptography framework [RFC3961]. As a
result, it is not generally possible to implement potential
extensions to Kerberos using these encryption types. The Kerberos
encryption type negotiation mechanism [RFC4537] provides one approach
for using such extensions even when a Kerberos infrastructure uses
long-term RC4 keys. Because this specification does not implement
operations required by RFC 3961 and because of security concerns with
the use of RC4 and MD4 discussed in Section 8, this specification is
not appropriate for publication on the standards track.
Jaganathan, et al. Informational [Page 1]
RFC 4757 RC4-HMAC December 2006
Abstract
The Microsoft Windows 2000 implementation of Kerberos introduces a
new encryption type based on the RC4 encryption algorithm and using
an MD5 HMAC for checksum. This is offered as an alternative to using
the existing DES-based encryption types.
The RC4-HMAC encryption types are used to ease upgrade of existing
Windows NT environments, provide strong cryptography (128-bit key
lengths), and provide exportable (meet United States government
export restriction requirements) encryption. This document describes
the implementation of those encryption types.
Table of Contents
1. Introduction ....................................................3
1.1. Conventions Used in This Document ..........................3
2. Key Generation ..................................................3
3. Basic Operations ................................................4
4. Checksum Types ..................................................5
5. Encryption Types ................................................6
6. Key Strength Negotiation ........................................8
7. GSS-API Kerberos V5 Mechanism Type ..............................8
7.1. Mechanism Specific Changes .................................8
7.2. GSS-API MIC Semantics ......................................9
7.3. GSS-API WRAP Semantics ....................................11
8. Security Considerations ........................................15
9. IANA Considerations ............................................15
10. Acknowledgements ..............................................15
11. References ....................................................16
11.1. Normative References .....................................16
11.2. Informative References ...................................16
Jaganathan, et al. Informational [Page 2]
RFC 4757 RC4-HMAC December 2006
1. Introduction
The Microsoft Windows 2000 implementation of Kerberos contains new
encryption and checksum types for two reasons. First, for export
reasons early in the development process, 56-bit DES encryption could
not be exported, and, second, upon upgrade from Windows NT 4.0 to
Windows 2000, accounts will not have the appropriate DES keying
material to do the standard DES encryption. Furthermore, 3DES was
not available for export when Windows 2000 was released, and there
was a desire to use a single flavor of encryption in the product for
both US and international products.
As a result, there are two new encryption types and one new checksum
type introduced in Microsoft Windows 2000.
Note that these cryptosystems aren't intended to be complete,
general-purpose Kerberos encryption or checksum systems as defined in
[RFC3961]: there is no one-one mapping between the operations in this
documents and the primitives described in [RFC3961].
Show full document text