Network Working Group M. Horowitz
<draft-ietf-cat-kerb-des3-hmac-sha1-00.txt> Cygnus Solutions
Internet-Draft November, 1996
Triple DES with HMAC-SHA1 Kerberos Encryption Type
Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net
(Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
Rim).
Distribution of this memo is unlimited. Please send comments to the
<cat-ietf@mit.edu> mailing list.
Abstract
This document defines a new encryption type and a new checksum type
for use with Kerberos V5 [RFC1510]. This encryption type is based on
the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message
authentication algorithm.
The des3-cbc-hmac-sha1 encryption type has been assigned the value 7.
The hmac-sha1-des3 checksum type has been assigned the value 12.
Encryption Type des3-cbc-hmac-sha1
EncryptedData using this type must be generated as described in
[Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC
mode. The keyed hash algorithm is HMAC-SHA1. Unless otherwise
specified, a zero IV must be used. If the length of the input data
is not a multiple of the block size, zero octets must be used to pad
the plaintext to the next eight-octet boundary. The confounder must
be eight random octets (one block).
Checksum Type hmac-sha1-des3
Checksums using this type must be generated as described in
[Horowitz96]. The keyed hash algorithm is HMAC-SHA1.
Common Requirements
Where the Triple DES key is represented as an EncryptionKey, it shall
be represented as three DES keys, with parity bits, concatenated
together. The key shall be represented with the most significant bit
first.
When keys are generated by the derivation function, a key length of
168 bits shall be used. The output bit string will be converted to a
valid Triple DES key by inserting DES parity bits after every seventh
bit.
Any implementation which implements either of the encryption or
checksum types in this document must support both.
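The key layout rules above, together with the plaintext framing rules of the des3-cbc-hmac-sha1 section (zero IV, eight-octet random confounder, zero padding to an eight-octet boundary) and the HMAC-SHA1 keyed hash of the hmac-sha1-des3 checksum type, as an added Python example. This is not code from the draft or from any Kerberos implementation. It assumes the caller supplies the Triple DES key material; the choice of base or derived key for a given operation is made in [Horowitz96] and is not reproduced here, and the Triple DES outer-CBC step itself is left to a cipher library. The parity insertion follows this draft's wording literally (a parity bit after every seventh bit of the 168-bit string); the later standard Kerberos Triple DES random-to-key function in RFC 3961 lays the bits out differently, so this function does not interoperate with that.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

DES_BLOCK = 8           # Triple DES block size in octets
DES3_KEY_LEN = 24       # three 64-bit DES keys, parity bits included
DES3_RANDOM_BITS = 168  # derivation-function output length in this draft


def _odd_parity_byte(seven_bits: int) -> int:
    """Append a DES parity bit to a 7-bit value so the resulting byte has odd parity."""
    if not 0 <= seven_bits < 128:
        raise ValueError("expected a 7-bit value")
    ones = bin(seven_bits).count("1")
    parity = 0 if ones % 2 else 1          # DES uses odd parity per key byte
    return (seven_bits << 1) | parity


def random_to_key(bits168: bytes) -> bytes:
    """168-bit string (most significant bit first) -> 24-octet Triple DES
    EncryptionKey value, inserting a DES parity bit after every seventh bit."""
    if len(bits168) * 8 != DES3_RANDOM_BITS:
        raise ValueError("expected 21 octets (168 bits) of derived key material")
    n = int.from_bytes(bits168, "big")
    out = bytearray()
    for i in range(DES3_KEY_LEN):
        shift = DES3_RANDOM_BITS - 7 * (i + 1)   # walk the bit string MSB first
        out.append(_odd_parity_byte((n >> shift) & 0x7F))
    return bytes(out)


def has_des_parity(key: bytes) -> bool:
    """True if every octet of the key has odd parity, as a DES key must."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def split_des3_key(key: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split the EncryptionKey representation into its three DES keys,
    rejecting keys of the wrong length or with bad parity."""
    if len(key) != DES3_KEY_LEN or not has_des_parity(key):
        raise ValueError("not a parity-correct 24-octet Triple DES key")
    return key[0:8], key[8:16], key[16:24]


def frame_plaintext(plaintext: bytes, confounder: Optional[bytes] = None) -> bytes:
    """confounder | plaintext | zero pad: the block-aligned input handed to
    Triple DES in outer-CBC mode with a zero IV."""
    if confounder is None:
        confounder = os.urandom(DES_BLOCK)      # eight random octets (one block)
    if len(confounder) != DES_BLOCK:
        raise ValueError("confounder must be exactly one 8-octet block")
    body = confounder + plaintext
    pad_len = (-len(body)) % DES_BLOCK
    return body + b"\x00" * pad_len


def unframe_plaintext(decrypted: bytes, plaintext_len: int) -> bytes:
    """Strip the confounder and the zero padding. Zero padding is not
    self-describing (the plaintext may itself end in zero octets), so the
    caller must know the plaintext length from the enclosing protocol."""
    if len(decrypted) % DES_BLOCK or len(decrypted) < DES_BLOCK + plaintext_len:
        raise ValueError("decrypted data is not block-aligned or is too short")
    return decrypted[DES_BLOCK:DES_BLOCK + plaintext_len]


def hmac_sha1_des3_checksum(key: bytes, message: bytes) -> bytes:
    """Checksum type hmac-sha1-des3: HMAC-SHA1 keyed with the (base or
    derived, per [Horowitz96]) Triple DES key over the message."""
    return hmac.new(key, message, hashlib.sha1).digest()


if __name__ == "__main__":
    # Constructed sample input: 21 octets of "derived" key material.
    material = bytes(range(21))
    key = random_to_key(material)
    k1, k2, k3 = split_des3_key(key)
    framed = frame_plaintext(b"krbtgt", confounder=b"\x00" * DES_BLOCK)
    print(key.hex(), len(framed), hmac_sha1_des3_checksum(key, framed).hex())
```

Two checks a practitioner should keep from this: reject any 24-octet key whose parity is wrong before using it, since a derivation or transport bug that drops the parity bits produces a key no other implementation will accept, and never infer the plaintext length from the zero padding, since the padding carries no length.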
Security Considerations
This entire document defines encryption and checksum types for use
with Kerberos V5.
References
[Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft-
horowitz-kerb-key-derivation-00.txt, November 1996.
[Krawczyk96] Krawczyk, H., Bellare, M., and Canetti, R., "HMAC:
Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac-
md5-01.txt, August 1996.
[RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network
Authentication Service (V5)", RFC 1510, September 1993.
Author's Address
Marc Horowitz
Cygnus Solutions
955 Massachusetts Avenue
Cambridge, MA 02139
Phone: +1 617 354 7688
Email: marc@cygnus.com