Overview#
Kerberos Encryption Types (etype) are defined in an IANA Registry at: Kerberos Encryption Type Numbers
These are 32-bit signed integers (Int32), ranging from -2147483648 to 2147483647.
- Positive values should be assigned only for algorithms specified in accordance with RFC 3961 for use with Kerberos or related protocols.
- Negative values are for private use; local and experimental algorithms should use these values.
- Zero is reserved and may not be assigned.
Kerberos Encryption Types Microsoft Windows#
The Kerberos Encryption Types a Windows account or computer will use are decided by its msDS-SupportedEncryptionTypes attribute, or by the operating-system defaults when the attribute is not set. The value can be set centrally from a Group Policy Object (the "Network security: Configure encryption types allowed for Kerberos" setting).
The default Kerberos Encryption Type for Windows Vista/Windows 7 clients is AES256; Windows XP and Windows Server 2003 clients default to RC4.
This means a Windows Vista/Windows 7 client initially attempts to use AES when talking to a Domain Controller during Kerberos Pre-Authentication. A Windows Server 2003 DC, on the other hand, does not support AES with Kerberos, so it logs an event in the Windows Event Log and answers with the list of Kerberos Encryption Types it does support, and the client retries with one of those (which usually ends up being RC4).
The table below lists the Kerberos Encryption Types most likely to be encountered in practice.
Encryption type | Aliases | etype (dec) | etype (hex) | msDS-SupportedEncryptionTypes bit | Description | RFC | Windows support | MIT Kerberos support | Notes
---|---|---|---|---|---|---|---|---|---
DES-CBC-CRC | | 1 | 0x0001 | 0x0001 | DES CBC mode with CRC-32 | RFC 3961 section 6.2.3 | Windows 2000+, disabled by default as of Windows Server 2008 R2 | All versions | Cryptographically weak, deprecated (RFC 6649)
DES-CBC-MD4 | | 2 | 0x0002 | | DES CBC mode with RSA-MD4 | RFC 3961 section 6.2.2 | Not supported | All versions | Cryptographically weak, deprecated (RFC 6649)
DES-CBC-MD5 | des | 3 | 0x0003 | 0x0002 | DES CBC mode with RSA-MD5 | RFC 3961 section 6.2.1 | Windows 2000+, disabled by default as of Windows Server 2008 R2 | All versions | Cryptographically weak, deprecated (RFC 6649)
DES-CBC-raw | | 4 | 0x0004 | | DES CBC mode, raw (no checksum) | Marked "reserved" in RFC 3961 | Not supported | Unknown | Weak and deprecated; not defined in any RFC
DES3-CBC-raw | | 6 | 0x0006 | | Triple DES CBC mode, raw (no checksum) | Marked "reserved" in RFC 3961 | Not supported | Unknown | Cryptographically weak and deprecated; not defined in any RFC
DES3-CBC-SHA-1 | des3-hmac-sha1, des3-cbc-sha1-kd | 16 | 0x0010 | | Triple DES CBC mode with HMAC/SHA-1 | RFC 3961 section 6.3 | Not supported | 1.1 | Deprecated (RFC 8429)
AES128-CTS-HMAC-SHA1-96 | aes128-cts, aes128-sha1 | 17 | 0x0011 | 0x0008 | AES-128 CTS mode with 96-bit SHA-1 HMAC | RFC 3962 | Windows Server 2008+ (Windows Vista+) | 1.3 |
AES256-CTS-HMAC-SHA1-96 | aes256-cts, aes256-sha1 | 18 | 0x0012 | 0x0010 | AES-256 CTS mode with 96-bit SHA-1 HMAC | RFC 3962 | Windows Server 2008+ (Windows Vista+) | 1.3 |
AES128-CTS-HMAC-SHA256-128 | aes128-sha2 | 19 | 0x0013 | | AES-128 CTS mode with 128-bit SHA-256 HMAC | RFC 8009 | Not supported | 1.15 | RFC 8009 was only published in October 2016
AES256-CTS-HMAC-SHA384-192 | aes256-sha2 | 20 | 0x0014 | | AES-256 CTS mode with 192-bit SHA-384 HMAC | RFC 8009 | Not supported | 1.15 | RFC 8009 was only published in October 2016
RC4-HMAC | rc4-hmac, RC4-HMAC-MD5 | 23 | 0x0017 | 0x0004 | ArcFour (RC4) with HMAC/MD5 | RFC 4757 | Windows 2000+ | 1.3 | Cryptographically weak, deprecated (RFC 8429)
RC4-HMAC-EXP | rc4-hmac-exp, RC4-HMAC-MD5-EXP | 24 | 0x0018 | | Exportable ArcFour (RC4) with HMAC/MD5 | RFC 4757 | Windows 2000+ | 1.3 | Cryptographically weak, deprecated (RFC 6649)
camellia128-cts-cmac | camellia128-cts | 25 | 0x0019 | | Camellia-128 CTS mode with CMAC | RFC 6803 | Not supported | 1.9 |
camellia256-cts-cmac | camellia256-cts | 26 | 0x001a | | Camellia-256 CTS mode with CMAC | RFC 6803 | Not supported | 1.9 |
Kerberos Cryptosystem Negotiation Extension#
Kerberos allows the ciphers to be negotiated. The etype list a client sends in its AS-REQ and TGS-REQ covers the exchange with the KDC; the Kerberos Cryptosystem Negotiation Extension (RFC 4537) additionally lets a client and an application server agree on an encryption type for their own session.
Kerberos Encryption Types with DES#
In practical terms, a Windows client starts a Kerberos exchange by sending the KDC the list of Kerberos Encryption Types (etypes) it supports, in order of preference. The KDC answers using the most secure etype they both support. For example, a Windows 7 computer sends an AS-REQ; its etype list can be seen in a Wireshark capture.
The KDC responds with a KRB-ERROR stating that pre-authentication is required (KDC_ERR_PREAUTH_REQUIRED) and includes the list of encryption types it supports (in the capture, DES had been enabled for demonstration purposes).
Not every operating system is configured to use the same Kerberos Encryption Types: some do not support negotiation or Kerberos Pre-Authentication, and others do not support the AES ciphers at all.
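The following Python script is an added example for this page; it is not code from the page, from Microsoft or from MIT Kerberos. It decodes msDS-SupportedEncryptionTypes bit values into IANA etype numbers and back, then models the AS-REQ negotiation described above, including the case where the client's and the KDC's lists do not overlap. The bit-to-etype mapping follows MS-KILE section 2.2.7 and the error codes follow RFC 4120; the Windows 7 client etype list and the three DC attribute values are constructed sample data (the client list is modelled on what a Windows 7 AS-REQ advertises).

```python
"""Model of how msDS-SupportedEncryptionTypes drives Kerberos etype selection.

Constructed example, not code from Microsoft or MIT Kerberos. Bit values
come from MS-KILE section 2.2.7, etype numbers from the IANA Kerberos
Encryption Type Numbers registry, error codes from RFC 4120.
"""

# IANA etype number -> registered name (the subset Windows deals with)
ETYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "rc4-hmac",
    24: "rc4-hmac-exp",
}

# msDS-SupportedEncryptionTypes flag bit -> IANA etype it enables
MSDS_BIT_TO_ETYPE = {
    0x01: 1,    # DES_CBC_CRC
    0x02: 3,    # DES_CBC_MD5
    0x04: 23,   # RC4_HMAC_MD5
    0x08: 17,   # AES128_CTS_HMAC_SHA1_96
    0x10: 18,   # AES256_CTS_HMAC_SHA1_96
}
ETYPE_TO_MSDS_BIT = {etype: bit for bit, etype in MSDS_BIT_TO_ETYPE.items()}

KDC_ERR_ETYPE_NOSUPP = 14       # RFC 4120: KDC has no support for encryption type
KDC_ERR_PREAUTH_REQUIRED = 25   # RFC 4120: the KRB-ERROR that carries ETYPE-INFO2


def etype_name(etype):
    """Registered name; negative numbers are private use per the IANA registry."""
    if etype in ETYPE_NAMES:
        return ETYPE_NAMES[etype]
    if etype < 0:
        return f"private-use({etype})"
    return f"unassigned({etype})"


def decode_msds(value):
    """Etypes enabled by an msDS-SupportedEncryptionTypes value, weakest first.

    0 (or an absent attribute) means "use the OS defaults", so it yields [] and
    the caller must fall back to the defaults. Bits above 0x10 are flags such
    as FAST/claims support, not etypes, and are ignored here.
    """
    return [MSDS_BIT_TO_ETYPE[bit] for bit in sorted(MSDS_BIT_TO_ETYPE) if value & bit]


def encode_msds(etypes):
    """Build the attribute value that enables exactly the given etypes."""
    value = 0
    for etype in etypes:
        if etype not in ETYPE_TO_MSDS_BIT:
            raise ValueError(f"{etype_name(etype)} has no msDS-SupportedEncryptionTypes bit")
        value |= ETYPE_TO_MSDS_BIT[etype]
    return value


def negotiate(client_etypes, kdc_etypes):
    """Select the etype for an AS exchange.

    The client lists its etypes in preference order (Windows puts AES first);
    this model takes the first one the KDC also supports, which is what yields
    AES when a Windows 7 client talks to a DC that has it enabled.
    Returns (etype, None) on success, or (None, KDC_ERR_ETYPE_NOSUPP) when the
    lists do not overlap, the KRB-ERROR code the client would receive.
    """
    supported = set(kdc_etypes)
    for etype in client_etypes:
        if etype in supported:
            return etype, None
    return None, KDC_ERR_ETYPE_NOSUPP


# Constructed AS-REQ etype list in the order a Windows 7 client advertises:
# AES256, AES128, RC4, RC4-exp and the private-use old RC4-exp (-135).
WINDOWS7_CLIENT_ETYPES = [18, 17, 23, 24, -135]

# Constructed msDS-SupportedEncryptionTypes values for three DC flavours.
DC_PROFILES = {
    "2003-style (DES+RC4)": 0x07,
    "2008 R2-style (RC4+AES)": 0x1C,
    "DES only (misconfigured)": 0x03,
}


def main():
    for label, value in DC_PROFILES.items():
        kdc_etypes = decode_msds(value)
        chosen, err = negotiate(WINDOWS7_CLIENT_ETYPES, kdc_etypes)
        offered = ", ".join(etype_name(e) for e in kdc_etypes)
        if err is None:
            print(f"{label}: KDC offers [{offered}] -> session uses {etype_name(chosen)}")
        else:
            print(f"{label}: KDC offers [{offered}] -> KRB-ERROR code {err} (KDC_ERR_ETYPE_NOSUPP)")


if __name__ == "__main__":
    main()
```

Running the script shows the three outcomes the text describes: a DES+RC4 DC (0x07) settles on rc4-hmac even though the client asked for AES first, an RC4+AES DC (0x1C) settles on aes256-cts-hmac-sha1-96, and a DES-only account value (0x03) produces KDC_ERR_ETYPE_NOSUPP because the Windows 7 client never offers DES.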