Kerberos Encryption Types

Overview#

Kerberos Encryption Types (etype) are defined in an IANA Registry at: Kerberos Encryption Type Numbers

These are signed values ranging from -2147483648 to 2147483647.

  • Positive values should be assigned only for algorithms specified in accordance with this specification for use with Kerberos or related protocols.
  • Negative values are for private use; local and experimental algorithms should use these values.
  • Zero is reserved and may not be assigned.

Kerberos Encryption Types Microsoft Windows#

The Kerberos Encryption Types used by Microsoft Windows are determined by the msDS-SupportedEncryptionTypes values, or by the defaults if they are not set.

msDS-SupportedEncryptionTypes values can be set from a Group Policy Object.

The default Kerberos Encryption Type for Windows Vista/Windows 7 clients is AES256; Windows XP and Windows Server 2003 clients default to RC4.

This means that a Windows Vista/Windows 7 client will initially attempt to use AES when talking to a Domain Controller during the Kerberos Pre-Authentication stage. Windows Server 2003 DCs, on the other hand, do not support AES with Kerberos, which is why they log an entry in the Windows Event Log and ask the client to try again with one of the Kerberos Encryption Types the DC supports (which usually ends up being RC4).

The table below shows the Kerberos Encryption Types that are most likely to be encountered.

|| Encryption type || Aliases || etype (dec) || etype (hex) || msDS || Description || RFC || Windows support || MIT Kerberos support || Notes
| DES-CBC-CRC | | 1 | 0x0001 | 0x0001 | DES cbc mode with CRC-32 | RFC 3961 section 6.2.3 | Windows Server 2000, disabled by default as of Windows Server 2008 R2 | All versions | Cryptographically Weak & Deprecated
| DES-CBC-MD4 | | 2 | 0x0002 | | DES cbc mode with RSA-MD4 | RFC 3961 section 6.2.2 | Not supported | All versions | Cryptographically Weak & Deprecated
| DES-CBC-MD5 | des | 3 | 0x0003 | 0x0002 | DES cbc mode with RSA-MD5 | RFC 3961 section 6.2.1 | Windows Server 2000+, disabled by default as of Windows Server 2008 R2 | All versions | Cryptographically Weak & Deprecated
| DES-CBC-raw | | 4 | 0x0004 | | DES cbc mode raw | RFC 3961 marked as "reserved" | Not supported | Unknown | Weak & deprecated, not defined in any RFC
| DES3-CBC-raw | | 6 | 0x0006 | | Triple DES cbc mode raw | RFC 3961 marked as "reserved" | Not supported | Unknown | Cryptographically Weak & Deprecated, not defined in any RFC
| DES3-CBC-SHA-1 | des3-hmac-sha1, des3-cbc-sha1-kd | 16 | 0x0010 | | Triple DES cbc mode with HMAC/SHA-1 | RFC 3961, section 6.3 | Not supported | 1.1 |
| AES128-CTS-HMAC-SHA1-96 | aes128-cts, aes128-sha1 | 17 | 0x0011 | 0x0008 | AES-128 CTS mode with 96-bit SHA-1 HMAC | RFC 3962 | Windows Server 2008+ | 1.3 |
| AES256-CTS-HMAC-SHA1-96 | aes256-cts, aes256-sha1 | 18 | 0x0012 | 0x0010 | AES-256 CTS mode with 96-bit SHA-1 HMAC | RFC 3962 | Windows Server 2008 R2+ | 1.3 |
| AES128-cts-hmac-sha256-128 | aes128-sha2 | 19 | 0x0013 | | AES-128 CTS mode with 128-bit SHA-256 HMAC | RFC 3962 | Not supported | 1.15 | RFC was only published in October 2016
| AES256-cts-hmac-sha384-192 | aes256-sha2 | 20 | 0x0014 | | AES-256 CTS mode with 192-bit SHA-384 HMAC | RFC 3962 | Not supported | 1.15 | RFC was only published in October 2016
| RC4-HMAC | rc4-hmac, RC4-HMAC-MD5 | 23 | 0x0017 | | ArcFour with HMAC/MD5 | RFC 4757 | Windows Server 2000+ | 1.3 |
| RC4-HMAC | RC4-HMAC-MD5-EXP | 24 | 0x0018 | | Exportable ArcFour (RC4) with HMAC/MD5 | RFC 4757 | Windows Server 2000+ | 1.3 | Cryptographically Weak & Deprecated
| camellia128-cts-cmac | camellia128-cts | 25 | 0x0019 | | Camellia-128 CTS mode with CMAC | RFC 4757 | Not supported | 1.9 |
| camellia256-cts-cmac | camellia256-cts | 26 | 0x001a | | Camellia-256 CTS mode with CMAC | RFC 4757 | Not supported | 1.9 |

Kerberos Cryptosystem Negotiation Extension#

Kerberos allows the ciphers to be negotiated through the Kerberos Cryptosystem Negotiation Extension.

Kerberos Encryption Types with DES#

In practical terms, a Windows client starts a Kerberos exchange by sending a list of the Kerberos Encryption Types (etypes) it supports. The KDC responds with the most secure Kerberos Encryption Type they both support. For example, a Windows 7 computer sends an AS_REQ. You can see how it looks in Wireshark:
Figure: AS_REQ (Wireshark capture)


The KDC responds that it requires pre-authentication and sends a list of its supported encryption types (DES was enabled for demonstration purposes):

Figure: KDC RESP (Wireshark capture)


Some operating systems are not configured to use Kerberos Encryption Types at the same cipher levels, may not support negotiation or Kerberos Pre-Authentication, or may not support AES ciphers at all.
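The following is an added example (not code from the wiki page) that ties the sections above together: it applies the IANA sign rules to raw etype numbers, expands an msDS-SupportedEncryptionTypes bitmask into names, picks the etype a KDC would negotiate from a client's offered list, and flags the entries the table marks as weak. The DES and AES msDS bits come from the table; the RC4 bit (0x04) is Microsoft's documented value and is not listed on the page, and the KDC preference order is an assumption.

```python
# Added example: etype bookkeeping for audit of Kerberos encryption types.
# etype number -> (name, msDS-SupportedEncryptionTypes bit or None,
#                  weak per the table's Notes column)
ETYPES = {
    1:  ("des-cbc-crc",                0x01, True),
    2:  ("des-cbc-md4",                None, True),
    3:  ("des-cbc-md5",                0x02, True),
    16: ("des3-cbc-sha1",              None, False),
    17: ("aes128-cts-hmac-sha1-96",    0x08, False),
    18: ("aes256-cts-hmac-sha1-96",    0x10, False),
    19: ("aes128-cts-hmac-sha256-128", None, False),
    20: ("aes256-cts-hmac-sha384-192", None, False),
    23: ("rc4-hmac",                   0x04, False),  # 0x04: Microsoft value, not on page
    24: ("rc4-hmac-exp",               None, True),
    25: ("camellia128-cts-cmac",       None, False),
    26: ("camellia256-cts-cmac",       None, False),
}

# Assumed KDC preference, strongest first (the page only says the KDC
# picks the most secure etype both sides support).
PREFERENCE = [20, 19, 18, 17, 26, 25, 16, 23, 24, 3, 1, 2]


def classify_etype(n):
    """IANA rules: signed 32-bit, zero reserved, negative private use."""
    if not -2**31 <= n <= 2**31 - 1:
        raise ValueError("etype %d outside signed 32-bit range" % n)
    if n == 0:
        return "reserved"
    if n < 0:
        return "private-use"
    return ("registered:" + ETYPES[n][0]) if n in ETYPES else "unassigned-or-unknown"


def decode_msds(value):
    """Expand an msDS-SupportedEncryptionTypes bitmask into etype names."""
    names = [name for name, bit, _ in ETYPES.values() if bit and value & bit]
    leftover = value & ~sum(bit for _, bit, _ in ETYPES.values() if bit)
    if leftover:  # bits this table does not know about
        names.append("unknown-bits:0x%x" % leftover)
    return names


def negotiate(client_etypes, kdc_etypes):
    """Return the strongest etype both sides support, or None."""
    common = set(client_etypes) & set(kdc_etypes)
    return next((e for e in PREFERENCE if e in common), None)


def weak_etypes(etypes):
    """Names of the offered etypes the table marks Cryptographically Weak."""
    return [ETYPES[e][0] for e in etypes if e in ETYPES and ETYPES[e][2]]


if __name__ == "__main__":
    # Constructed sample: AES-first client list against a KDC that only has
    # RC4 and DES enabled, as in the DC scenario described above.
    client = [18, 17, 23, 24, 3, 1]
    print(decode_msds(0x04), negotiate(client, {23, 3, 1}), weak_etypes(client))
```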
