Score:0

What authenticated encryption does Kerberos use in Windows?

cn flag
adi

I have learned about the Kerberos protocol and seen that the Windows version uses a couple of authenticated encryption schemes (like rc4-hmac-md5).

What type of authenticated encryption is it? Is it a:

  1. Encrypt-then-MAC

  2. Encrypt-and-MAC

  3. MAC-then-Encrypt

Thank you

Score:2
fr flag

It depends on the algorithm. The Kerberos specification states that the encryption and decryption functions must handle integrity checking, but the algorithm specified must define this behavior.

The only reasonably secure Kerberos algorithm types that Windows supports are aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96. Neither of these are great choices since they use SHA-1, but HMAC-SHA-1 is still secure in this context, although SHA-1 on the whole should still be avoided. In these algorithms, it's encrypt-and-MAC: the plaintext is prepended with a random string, the MAC and encryption are both done over that prepended plaintext, and the MAC is appended.

For systems using the more modern aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192, they are encrypt-then-MAC: the MAC is computed over the ciphertext. Windows doesn't support that, however, although most Unix systems do.

Windows also supports a variety of older, insecure algorithms for Kerberos, none of which should be used. Those algorithms use single DES in CBC mode with a CRC (!) or HMAC-MD5, and RC4 with HMAC-MD5. Even though HMAC-MD5 is considered to be secure when used as a MAC, responsible parties don't use MD5 at all, and RC4 has weaknesses that are practically attackable in many protocols. Single DES is crackable commercially for $20, so it's totally insecure. If you're interested in their encryption anyway, I refer you to the relevant RFCs.

adi avatar
cn flag
adi
I see, so Windows used the RFC suggestions for the older algorithms (without changing the schemes).
bk2204 avatar
fr flag
Well, the RFCs define how those algorithms are implemented. They're normative if you implement those algorithms as part of Kerberos, and if you change them then it isn't Kerberos. If Windows did things differently, then it wouldn't interoperate with other systems using Kerberos, which would be bad for lots of reasons. Windows could implement the AES-CTS-HMAC-SHA-2 schemes for improved security, but it hasn't.
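The two compositions the answer describes, as an added Go example that is not part of the original answer or of any Kerberos implementation: the sha1-96 enctypes' encrypt-and-MAC layout (random confounder prepended, HMAC over confounder||plaintext, tag appended) beside the sha2 enctypes' encrypt-then-MAC layout (HMAC over the ciphertext). Assumptions: AES-CBC with a zero IV stands in for the real CBC-CTS mode, the ke/ki keys are passed in rather than derived from a base key, HMAC-SHA1 truncated to 96 bits is used for both layouts so that only the order differs, and all key and payload values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)

const tagLen = 12 // 96-bit truncated HMAC-SHA1 tag, as in aes*-cts-hmac-sha1-96

// AES-CBC with a zero IV: the random confounder in block 0 takes the IV's role. Simplification (assumption):
// the real enctypes use CBC-CTS without padding and derive ke/ki from one base key; here they are passed in.
func cbc(key, data []byte, enc bool) []byte {
	blk, _ := aes.NewCipher(key) // key must be 16 or 32 bytes
	iv, out := make([]byte, aes.BlockSize), make([]byte, len(data))
	mode := cipher.NewCBCDecrypter(blk, iv)
	if enc { mode = cipher.NewCBCEncrypter(blk, iv) }
	mode.CryptBlocks(out, data)
	return out
}
func pad(b []byte) []byte { n := aes.BlockSize - len(b)%aes.BlockSize; for i := 0; i < n; i++ { b = append(b, byte(n)) }; return b }
func unpad(b []byte) []byte { return b[:len(b)-int(b[len(b)-1])] }
func tag(ki, data []byte) []byte { h := hmac.New(sha1.New, ki); h.Write(data); return h.Sum(nil)[:tagLen] }
func confound(pt []byte) []byte { c := make([]byte, aes.BlockSize); rand.Read(c); return pad(append(c, pt...)) }
func split(msg []byte) (ct, t []byte, ok bool) { // reject lengths that would panic in CryptBlocks or slicing
	n := len(msg) - tagLen
	if n < aes.BlockSize || n%aes.BlockSize != 0 { return nil, nil, false }
	return msg[:n], msg[n:], true
}

// Encrypt-and-MAC (sha1-96 enctypes): the tag covers confounder||plaintext, the same bytes that get encrypted.
func EncryptAndMAC(ke, ki, pt []byte) []byte { inner := confound(pt); return append(cbc(ke, inner, true), tag(ki, inner)...) }
// The receiver has to decrypt before it can verify, because the tag says nothing about the ciphertext itself.
func DecryptAndMAC(ke, ki, msg []byte) ([]byte, bool) {
	ct, t, ok := split(msg)
	if !ok { return nil, false }
	inner := cbc(ke, ct, false) // decrypt first ...
	if !hmac.Equal(tag(ki, inner), t) { return nil, false } // ... then verify
	return unpad(inner)[aes.BlockSize:], true
}

// Encrypt-then-MAC (sha2 enctypes): the tag covers the ciphertext, so a forgery is rejected before any decryption.
func EncryptThenMAC(ke, ki, pt []byte) []byte { ct := cbc(ke, confound(pt), true); return append(ct, tag(ki, ct)...) }
func DecryptThenMAC(ke, ki, msg []byte) ([]byte, bool) {
	ct, t, ok := split(msg)
	if !ok || !hmac.Equal(tag(ki, ct), t) { return nil, false }
	return unpad(cbc(ke, ct, false))[aes.BlockSize:], true
}

// Constructed demo keys; real ke/ki come from the Kerberos key derivation, not from literals.
func main() { ke, ki := []byte("0123456789abcdef"), []byte("fedcba9876543210"); pt, ok := DecryptThenMAC(ke, ki, EncryptThenMAC(ke, ki, []byte("hello"))); fmt.Println(string(pt), ok) }
```

The point to notice is the order of operations in the two decrypt functions: with encrypt-and-MAC the receiver must run the block cipher over unverified bytes before the tag can reject them, while encrypt-then-MAC discards a forged message without ever decrypting it.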