Password Encryption

Password Encryption

Joshua Brodie
Hi there:

How can I find out the out of the box default password encryption used?

On a getprinc -- there are 8 shown -- are these all used for the principal?

Number of keys: 8
Key: vno 8, aes256-cts-hmac-sha1-96
Key: vno 8, aes128-cts-hmac-sha1-96
Key: vno 8, des3-cbc-sha1
Key: vno 8, arcfour-hmac
Key: vno 8, camellia256-cts-cmac
Key: vno 8, camellia128-cts-cmac
Key: vno 8, des-hmac-sha1
Key: vno 8, des-cbc-md5

Thanks.
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Password Encryption

Greg Hudson
On 5/22/20 2:29 PM, Joshua Brodie wrote:
> How can I find out the out of the box default password encryption used?

Kerberos doesn't encrypt passwords(*), but it does store long-term keys
derived from the passwords.  This derivation, called the "string-to-key"
operation for the encryption type, is one-way; you can't decrypt a
long-term key to get at the original password.  You can perform a
dictionary attack (trying lots of potential passwords to see if they
result in the same key).  The string-to-key operations for AES and
Camellia enctypes are deliberately slow in order to frustrate dictionary
attacks, whereas the older single-DES, triple-DES, and RC4 enctypes have
very fast string-to-key operations.

The default set of encryption types used for new principals is listed as
the default value of supported_enctypes here:

https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/kdc_conf.html#realms

> On a getprinc -- there are 8 shown -- are these all used for the principal?

Yes, for that principal entry there are string-to-key results for all
eight encryption types.  camellia256-cts-cmac and camellia128-cts-cmac
have never been in the default value for supported_enctypes, so the
default was not used for that principal.

(*) Kerberos password-change operations do involve encrypting passwords
for transport over the wire from the client to the admin server.  But
the KDC doesn't store decryptable passwords in the database.