Encryption_Types (2024)

Kerberos supports several types of encryption for securing session keys and the tickets. The type used for a particular ticket or session key is automatically negotiated when you request a ticket or a service.

  • When encrypting tickets, the Key Distribution Center (KDC) for your Kerberos installation checks for an encryption type that is shared by both the KDC and the service you are attempting to use.
  • When encrypting session keys, the KDC checks for an encryption type shared by the KDC, the service, and the client requesting the session (you).

Weak Encryption Types

In the table of Encryption Types below, some encryption types are noted as weak. Most of them are encryption types that used to be strong but now, with more computing power available, are considered weak and therefore undesirable. However, they are still sometimes used for backwards compatibility. If Kerberos is installed in a network that contains some older machines running operating systems that do not support the newer encryption types, administrators can choose to allow the weaker encryption when connecting to the older machines.


View Encryption Types

  1. Click the Options tab and find the View Options panel.
  2. Click the Encryption Type checkbox to select it. This opens the Encryption Type column in the main window, showing the encryption type associated with each of your tickets and session keys.
    How to: Use Ticket Options Panel
  3. Click and drag the line to the right of the Encryption Type column header to widen the column enough to see both the ticket and session key.
  4. Click the blue triangle to the left of a principal name to see all tickets and session keys issued to that principal. Each ticket and key will have an entry in the Encryption Type column.
    How to: View Tickets


Supported Encryption Types

Encryption Type: des-
Description: The DES (Data Encryption Standard) family is a symmetric block cipher. It was designed to handle only 56-bit keys, which is not enough for modern computing power. It is now considered to be weak encryption.
  • des-cbc-crc (weak)
  • des-cbc-md5 (weak)
  • des-cbc-md4 (weak)

Encryption Type: des3-
Description: The triple DES family improves on the original DES (Data Encryption Standard) by using 3 separate 56-bit keys. Some modes of 3DES are considered weak while others are strong (if slow).
  • des3-cbc-sha1
  • des3-cbc-raw (weak)
  • des3-hmac-sha1
  • des3-cbc-sha1-kd

Encryption Type: aes
Description: The AES (Advanced Encryption Standard) family, like DES and 3DES, is a symmetric block cipher and was designed to replace them. It can use multiple key sizes. Kerberos specifies use for 256-bit and 128-bit keys.
  • aes256-cts-hmac-sha1-96
  • aes128-cts-hmac-sha1-96

Encryption Type: rc4 or arcfour
Description: The RC4 (Rivest Cipher 4) is a symmetric stream cipher that can use multiple key sizes. The exportable variations are considered weak, but other variations are strong.
  • arcfour-hmac
  • rc4-hmac
  • arcfour-hmac-md5
  • arcfour-hmac-exp (weak)
  • rc4-hmac-exp (weak)
  • arcfour-hmac-md5-exp (weak)
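
The check the Encryption Type column supports, done from the command line: this added example (not part of the original help page) parses text in the layout that MIT `klist -e` prints and reports every session key or ticket whose encryption type the table above marks as weak. The sample output, the principals in it, and the helper name `audit_klist` are constructed for illustration.

```python
import re

# Enctypes the table above marks "(weak)"; extend the set to match local policy.
WEAK_ENCTYPES = frozenset({
    "des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "des3-cbc-raw",
    "arcfour-hmac-exp", "rc4-hmac-exp", "arcfour-hmac-md5-exp",
})

# Constructed sample in the layout of MIT `klist -e` (principals are made up).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/15/2024 09:00:00  01/15/2024 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
01/15/2024 09:05:12  01/15/2024 19:00:00  host/legacy.example.com@EXAMPLE.COM
\trenew until 01/22/2024 09:00:00
\tEtype (skey, tkt): des-cbc-crc, des3-cbc-raw
01/15/2024 09:07:40  01/15/2024 19:00:00  HTTP/web.example.com@EXAMPLE.COM
\tEtype (skey, tkt): aes128-cts-hmac-sha1-96, arcfour-hmac-md5-exp
"""

# A ticket line: start date/time, expiry date/time, then the service principal.
TICKET_RE = re.compile(r"^\d\S*\s+\S+\s+\S+\s+\S+\s+(\S+@\S+)\s*$")
# The indented line carrying the session-key and ticket enctypes, in that order.
ETYPE_RE = re.compile(r"^\s+Etype \(skey, tkt\):\s*(\S+),\s*(\S+)\s*$")

def audit_klist(text, weak=WEAK_ENCTYPES):
    """Return [(service, role, enctype)] for each weak session key or ticket."""
    findings, service = [], None
    for line in text.splitlines():
        m = TICKET_RE.match(line)
        if m:
            service = m.group(1)  # remember which ticket the next Etype line describes
            continue
        m = ETYPE_RE.match(line)
        if m and service:
            for role, etype in zip(("session key", "ticket"), m.groups()):
                # Assumption: some klist builds prefix names with "DEPRECATED:".
                name = etype.lower().split(":")[-1]
                if name in weak:
                    findings.append((service, role, name))
    return findings

if __name__ == "__main__":
    for service, role, etype in audit_klist(SAMPLE_KLIST):
        print(f"WEAK {role:<11} {etype:<22} {service}")
```

The session key and the ticket are checked separately because, as described at the top of this page, they are negotiated against different sets of parties and can end up with different encryption types.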


Author: Virgilio Hermann JD

Last Updated:

Views: 6052

Rating: 4 / 5 (61 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Virgilio Hermann JD

Birthday: 1997-12-21

Address: 6946 Schoen Cove, Sipesshire, MO 55944

Phone: +3763365785260

Job: Accounting Engineer

Hobby: Web surfing, Rafting, Dowsing, Stand-up comedy, Ghost hunting, Swimming, Amateur radio

Introduction: My name is Virgilio Hermann JD, I am a fine, gifted, beautiful, encouraging, kind, talented, zealous person who loves writing and wants to share my knowledge and understanding with you.