The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows
RFC 4757
Document | Type |
RFC - Historic
(December 2006; Errata)
Updated by RFC 6649
Status changed by status-change-kerberos-3des-rc4-to-historic
Was draft-jaganathan-rc4-hmac (individual in sec area)
|
|
---|---|---|---|
Authors | Karthik Jaganathan , Larry Zhu , John Brezak | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4757 (Historic) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Sam Hartman | ||
Send notices to | jhutz@cmu.edu |
Network Working Group K. Jaganathan Request for Comments: 4757 L. Zhu Category: Informational J. Brezak Microsoft Corporation December 2006 The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The IETF Trust (2006). IESG Note This document documents the RC4 Kerberos encryption types first introduced in Microsoft Windows 2000. Since then, these encryption types have been implemented in a number of Kerberos implementations. The IETF Kerberos community supports publishing this specification as an informational document in order to describe this widely implemented technology. However, while these encryption types provide the operations necessary to implement the base Kerberos specification [RFC4120], they do not provide all the required operations in the Kerberos cryptography framework [RFC3961]. As a result, it is not generally possible to implement potential extensions to Kerberos using these encryption types. The Kerberos encryption type negotiation mechanism [RFC4537] provides one approach for using such extensions even when a Kerberos infrastructure uses long-term RC4 keys. Because this specification does not implement operations required by RFC 3961 and because of security concerns with the use of RC4 and MD4 discussed in Section 8, this specification is not appropriate for publication on the standards track. Jaganathan, et al. Informational [Page 1] RFC 4757 RC4-HMAC December 2006 Abstract The Microsoft Windows 2000 implementation of Kerberos introduces a new encryption type based on the RC4 encryption algorithm and using an MD5 HMAC for checksum. This is offered as an alternative to using the existing DES-based encryption types. The RC4-HMAC encryption types are used to ease upgrade of existing Windows NT environments, provide strong cryptography (128-bit key lengths), and provide exportable (meet United States government export restriction requirements) encryption. This document describes the implementation of those encryption types. Table of Contents 1. Introduction ....................................................3 1.1. Conventions Used in This Document ..........................3 2. Key Generation ..................................................3 3. Basic Operations ................................................4 4. Checksum Types ..................................................5 5. Encryption Types ................................................6 6. Key Strength Negotiation ........................................8 7. GSS-API Kerberos V5 Mechanism Type ..............................8 7.1. Mechanism Specific Changes .................................8 7.2. GSS-API MIC Semantics ......................................9 7.3. GSS-API WRAP Semantics ....................................11 8. Security Considerations ........................................15 9. IANA Considerations ............................................15 10. Acknowledgements ..............................................15 11. References ....................................................16 11.1. Normative References .....................................16 11.2. Informative References ...................................16 Jaganathan, et al. Informational [Page 2] RFC 4757 RC4-HMAC December 2006 1. Introduction The Microsoft Windows 2000 implementation of Kerberos contains new encryption and checksum types for two reasons. First, for export reasons early in the development process, 56-bit DES encryption could not be exported, and, second, upon upgrade from Windows NT 4.0 to Windows 2000, accounts will not have the appropriate DES keying material to do the standard DES encryption. Furthermore, 3DES was not available for export when Windows 2000 was released, and there was a desire to use a single flavor of encryption in the product for both US and international products. As a result, there are two new encryption types and one new checksum type introduced in Microsoft Windows 2000. Note that these cryptosystems aren't intended to be complete, general-purpose Kerberos encryption or checksum systems as defined in [RFC3961]: there is no one-one mapping between the operations in this documents and the primitives described in [RFC3961].Show full document text