Kerberos Encryption Types

Kerberos V (version 5) supports multiple encryption types (enctypes). The type used in a given instance is automatically negotiated between the client and the Kerberos KDC servers, based on client and server settings as well as encryption types used to encrypt the password for the user and service principals.

It is important that kerberized service providers (providers of a computer service such as LDAP, CIFS, HTTP, etc. which has been configured to accept kerberos tickets) configure new service principals on the KDCs with the correct enctypes that can be supported by the server so that kerberos clients will not attempt to use encryption that the server cannot support; this is typically done during the creation of the kerberos service principal and keytab file such as with the Keytab Generator.

Encryption Types available*

*(acronyms defined below table)
Kerberos enctype name(s)Cipher algorithmCipher modeKey lengthHMACStrength
aes256-cts
aes256-cts-hmac-sha1-96
AESCBC+CTS256 bitsSHA-1 96-bitsstrongest
aes128-cts
aes128-cts-hmac-sha1-96
AESCBC+CTS128 bitsSHA-1 96-bitsstrong
rc4-hmacRC4128 bitsSHA-1 96-bitsstrong
des3-cbc-sha13DESCBC168 bitsSHA-1 96-bitsstrong
des-cbc-crcDESCBC56 bitsCRC 32-bitweak

For a description of which software platforms can support each encryption type, see Kerberos 5 Feature Matrix (restricted to Penn State full time Faculty and Staff).

3DES
Triple DES; a method of using 3 separate 56-bit DES keys in three passes of DES to make a stronger (but slower) encryption algorithm. A symmetric block cipher. The Access Account realm does not support other triple-des enctypes such as des3-cbc-sha nor des3-cbc-raw.
AES
Advanced Encryption Standard. A symmetric block cipher. The designed replacement of DES and 3DES. It can handle multiple key sizes; Kerberos specifies use for 256-bit and 128-bit keys.
Block cipher
A cipher mode that encrypts data at a fixed size, or block at a time (e.g. 64 bits). Contrast with stream cipher.
CBC
Cipher Block Chaining, a method by which the encrypted cipher-text from the last block of a block cipher is used to further strengthen the next block. Typically the next block's plain-text is XORed with the cipher-text of the previous block. This hides patterns of repeated plain-text blocks.
Cipher
An encryption algorithm, or defined process at which data is encrypted and decrypted.
Cipher-text
Encrypted data. See also plain-text.
CRC
Cyclical Redundancy Check, a method of validating that data has not been corrupted by trivial medium noise (line noise, hard disk damage, etc.). It is not effective at proving data has or has not been altered by a third party during transmit over an insecure medium, such as the Internet.
CTS
Cipher Text Stealing, a method similar to CBC in which the last plain-text block is better protected when it is shorter than other blocks (when the plain-text message does not end evenly on a block boundary).
DES
Data Encryption Standard. A symmetric block cipher. It was designed to handle only 56-bit keys which is its primary weakness. It has been deemed insecure by many authorities in recent decades. Penn State may phase this out of use by the Access Account KDCs in the not too distant future. The Access Account realm does not support other single-des enctypes such as des-hmac-sha1, des-cbc-md5, des-cbc-md4 nor des-cbc-raw. Continued support of des-cbc-crc is in legacy of the widest software support base, but that is now starting to wane as vendors remove support (at least by default) in newer platforms and applications.
HMAC
Hash-based Message Authentication Code, a method used to simultaneously verify both the data integrity and the authenticity of a message.
MD5
A Message Digest hashing algorithm. A method of HMAC.
Plain-text
Unencrypted data; data that has either not been encrypted, or which has been decrypted. See also cipher-text.
RC4
A symmetric stream cipher by Ron Rivest (hence "Rivest Cipher"). It can handle several key sizes such as 40-bit and 128-bit keys. The Penn State Access Account KDCs only support the 128-bit version, rc4-hmac, and not the weaker variants, rc4-hmac-exp, rc4-hmac-old-exp. Kerberos uses "arcfour" or ARC4, meaning "Allegedly RC4", essentially the same cipher as RC4 but named differently to avoid trademark issues.
Stream Cipher
A stream cipher is designed to normally encrypt and decrypt on a single bit at a time. Contrast with block cipher. Both block and stream ciphers can operate in block and stream modes.
SHA-1
Secure Hash Algorithm, a method of HMAC.
Symmetric Cipher
A cipher is deemed symmetric when the same key is used to encrypt and decrypt the same data. When 2 keys are used, one to encrypt and another to decrypt (or one to sign and the other to verify the digital signature), it is called an asymmetric cipher. Kerberos can use asymmetric ciphers, but was designed to need only symmetric ciphers.