Search RFCs

RFC Editor

File formats:

Status:

BEST CURRENT PRACTICE

Obsoletes:

RFC 1510

Updates:

RFC 1964,RFC 4120,RFC 4121,RFC 4757

Authors:

L. Hornquist Astrand
T. Yu

Stream:

IETF

Source:

krb-wg (sec)

Cite this BCP:TXT  | XML

Discuss this RFC: Send questions or comments to the mailing listiesg@ietf.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC

Abstract

The Kerberos 5 network authentication protocol, originally specifiedin RFC 1510, can use the Data Encryption Standard (DES) forencryption. Almost 30 years after first publishing DES, the NationalInstitute of Standards and Technology (NIST) finally withdrew thestandard in 2005, reflecting a long-established consensus that DES isinsufficiently secure. By 2008, commercial hardware costing lessthan USD 15,000 could break DES keys in less than a day on average.DES is long past its sell-by date. Accordingly, this documentupdates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate theuse of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms inKerberos. Because RFC 1510 (obsoleted by RFC 4120) supports onlyDES, this document recommends the reclassification of RFC 1510 asHistoric. This memo documents an Internet Best Current Practice.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.