Why are des-cbc-hmac and rc4-hmac-exp considered weak in kerberos?

adi

1/28/23, 6:12 PM

Kerberos uses des-cbc-hmac (mac and encrypt) and rc4-hmac-exp based on md5 (mac and encrypt I think) in their encryptions.

Those encryptions are considered as weak and should not be used. Why are they considered as weak? What attacks can be launched against those encryptions?

0 + 0

des

mac

cbc

rc4

kerberos

Score:2

Crypto

hft

1/28/23, 6:45 PM

Kerberos uses des-cbc-hmac (mac and encrypt) and rc4-hmac-exp based on md5 (mac and encrypt I think) in their encryptions.

Those encryptions are considered as weak and should not be used. Why are they considered as weak? What attacks can be launched against those encryptions?

Regarding the ciphers:

DES is considered to be a weak block cipher because the key length is relatively short. This is one reason why "triple DES" (3DES) was created.
RC4 is a stream cipher that suffers from a variety of different vulnerabilities detailed, for example, on the RC4 Wikipedia page.

Regarding the cipher mode: Cipher block chaining (CBC) is not easily parallelizable, so other modes like CCM or GMC might be preferred.

Regarding authenticated encryption: It is usually accepted that "encrypt then MAC" is better than "MAC then encrypt" and both are better than "MAC and encrypt." See, for example, section 5.3 of Introduction to Modern Cryptography (3rd Edition) by Katz and Lindell. Those authors use the terms "encrypt-and-authenticate" vs "authenticate-then-encrypt" vs "encrypt-then-authenticate."

0 + 0

adi

1/28/23, 7:27 PM

I see. But does not the authenticated encryption protect it from these attacks?

hft

1/28/23, 8:52 PM

Which attacks? For example, the DES block cipher has a weak/short key length regardless of the mode and regardless of the authenticated encryption scheme.

adi

1/29/23, 5:03 AM

I see, so the attacker can read the data. Same thing for the rc4. But can he change the data in some way - does not the mac protect it?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why are des-cbc-hmac and rc4-hmac-exp considered weak in kerberos?

TH: เหตุใด des-cbc-hmac และ rc4-hmac-exp จึงถือว่าอ่อนแอใน kerberos

RO: De ce des-cbc-hmac și rc4-hmac-exp sunt considerate slabe în kerberos?

RU: Почему des-cbc-hmac и rc4-hmac-exp считаются слабыми в Kerberos?

VI: Tại sao des-cbc-hmac và rc4-hmac-exp được coi là yếu trong kerberos?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.