- Type: Enhancement
- Resolution: Not an Issue
- Priority: P4
In RFC 6649 and RFC 8429:
Kerberos implementations and deployments SHOULD NOT implement or
deploy the following checksum types: CRC32(1), RSA-MD4(2),
RSA-MD4-DES(3), DES-MAC(4), DES-MAC-K(5), RSA-MD4-DES-K(6),
RSA-MD5-DES(8) (updates [RFC4120]).
Kerberos implementations and deployments SHOULD NOT implement or
deploy the following checksum types: RSA-MD5(7), RSA-MD5-DES3(9),
HMAC-SHA1-DES3-KD(12), and HMAC-SHA1-DES3(13) (updates [RFC3961] and
[RFC4120]).
While we do not create these checksum types ourselves (when allow_weak_crypto = false and no default_checksum is configured), we still accept them in incoming messages. This is not a security issue because they are always embedded in either an encrypted Authenticator or an encrypted PA-FOR-USER-ENC.
That said, we can consider adding a new setting to reject them as well.
Note: PA-FOR-USER-ENC is defined to always use CKSUMTYPE_HMAC_MD5_ARCFOUR, and it should still be able to use it even if this setting is introduced.
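As an added illustration (not JDK code), this is how such a setting could gate incoming checksum types while keeping the PA-FOR-USER-ENC case working; the class name, the rejectWeakChecksums setting name and the Container enum are assumptions, the type numbers come from the RFC text quoted above, and -138 for CKSUMTYPE_HMAC_MD5_ARCFOUR is taken from RFC 4757.

```java
import java.util.Set;

/** Policy check for Kerberos checksum types, following the RFC 6649/8429 lists quoted above. */
public final class WeakChecksumPolicy {

    /** Types RFC 6649 says SHOULD NOT be implemented or deployed (CRC32 ... RSA-MD5-DES). */
    static final Set<Integer> RFC6649_WEAK = Set.of(1, 2, 3, 4, 5, 6, 8);
    /** Types RFC 8429 adds: RSA-MD5, RSA-MD5-DES3, HMAC-SHA1-DES3-KD, HMAC-SHA1-DES3. */
    static final Set<Integer> RFC8429_WEAK = Set.of(7, 9, 12, 13);
    /** CKSUMTYPE_HMAC_MD5_ARCFOUR, the type PA-FOR-USER-ENC is defined to use (number from RFC 4757). */
    static final int HMAC_MD5_ARCFOUR = -138;

    /** Where an incoming checksum was found; both containers are themselves encrypted. */
    enum Container { AUTHENTICATOR, PA_FOR_USER_ENC }

    private final boolean rejectWeakChecksums; // hypothetical new setting proposed in this issue

    WeakChecksumPolicy(boolean rejectWeakChecksums) {
        this.rejectWeakChecksums = rejectWeakChecksums;
    }

    static boolean isWeak(int cksumType) {
        return RFC6649_WEAK.contains(cksumType) || RFC8429_WEAK.contains(cksumType);
    }

    /** Decide whether a checksum of the given type is accepted in an incoming message. */
    boolean acceptIncoming(int cksumType, Container where) {
        // PA-FOR-USER-ENC must keep working: its mandated type is accepted regardless of the setting.
        if (where == Container.PA_FOR_USER_ENC && cksumType == HMAC_MD5_ARCFOUR) {
            return true;
        }
        // Current behaviour (setting off): every type is accepted, since the container is encrypted.
        if (!rejectWeakChecksums) {
            return true;
        }
        return !isWeak(cksumType);
    }

    public static void main(String[] args) {
        WeakChecksumPolicy current = new WeakChecksumPolicy(false);
        WeakChecksumPolicy strict = new WeakChecksumPolicy(true);
        int rsaMd5 = 7, hmacSha1Aes256 = 16; // 16 = HMAC-SHA1-96-AES256 from RFC 3962, not weak
        System.out.println("RSA-MD5, setting off:      " + current.acceptIncoming(rsaMd5, Container.AUTHENTICATOR));
        System.out.println("RSA-MD5, setting on:       " + strict.acceptIncoming(rsaMd5, Container.AUTHENTICATOR));
        System.out.println("AES256 cksum, setting on:  " + strict.acceptIncoming(hmacSha1Aes256, Container.AUTHENTICATOR));
        System.out.println("PA-FOR-USER-ENC, on:       " + strict.acceptIncoming(HMAC_MD5_ARCFOUR, Container.PA_FOR_USER_ENC));
    }
}
```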
Relates to: JDK-8274656 Remove default_checksum and safe_checksum_type from krb5.conf (Resolved)