10.3 Better Encryption

The art and algorithms of cryptography are always evolving, driven by
the explosive growth in computer power and cryptographic theory.
Increasing computer power provides a dual driving force for emerging
cryptographic algorithms: first, it obsoletes older algorithms and
short key lengths as they fall to practical brute-force attacks. A
56-bit single DES key can be brute-forced by a network of commodity
computers in less than a week, and that time is decreasing rapidly.
Conversely, the increase in computing power makes possible the complex
calculations of even more sophisticated algorithms and the longer key
lengths necessary to secure information from prying eyes. Theory
drives the development of cryptographic algorithms as well, providing
new ways to protect data as well as new techniques to crack codes.

Because Kerberos is a system that depends heavily on cryptography, it
is crucial that these new encryption methods be implemented in the
Kerberos protocol. The Kerberos 5 protocol was designed to be
extensible and to support multiple encryption types; however, the only
encryption type currently interoperable across Kerberos
implementations is single DES. Thankfully, the upcoming release of MIT
Kerberos 1.3 will provide wider support for the RC4-HMAC encryption
type first introduced by Microsoft for use in Windows 2000's Kerberos
service.

For further growth, there are proposed Internet Drafts that specify
more and stronger encryption options for future implementations of the
Kerberos protocol. The new NIST encryption standard, the Advanced
Encryption Standard (AES), is one of the encryption algorithms proposed
for future implementations of the Kerberos protocol. AES will replace
the decades-old DES encryption algorithm as the federal standard for
encrypting sensitive but unclassified information. The algorithm
behind AES, Rijndael, was chosen in 2000 from a field of algorithms
submitted by civilian cryptographers from around the world. Rijndael
is a block cipher with a variable key size, providing protection
against brute-force attacks for the foreseeable future.

The latest Kerberos Clarifications require that new Kerberos
implementations support the AES encryption types, greatly increasing
the cryptographic security of future Kerberos implementations. The
Kerberos Clarifications have demoted the current single DES encryption
type to optional ("SHOULD support") status because of its small, fixed
key size.

The use of stronger cryptographic algorithms in the future will
continue to protect Kerberos from brute-force attacks.
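As an added illustration, not taken from the book, the following pair of MIT Kerberos krb5.conf fragments shows what the demotion of single DES looks like in an actual client configuration: a legacy setup that negotiates only DES next to a corrected one that prefers the AES types, keeps RC4-HMAC only for interoperability with the Windows 2000-era service mentioned above, and refuses DES outright. The setting names (default_tkt_enctypes, default_tgs_enctypes, permitted_enctypes, allow_weak_crypto) and the enctype identifiers are those of current MIT Kerberos releases, which postdate the 1.3 release the text discusses; allow_weak_crypto in particular did not exist in 1.3, and EXAMPLE.COM is a placeholder realm.

```ini
# Added example, not from the book. Two alternative [libdefaults]
# fragments for /etc/krb5.conf (they would never both appear in one
# file). Enctype names are MIT Kerberos identifiers for the types the
# text discusses; EXAMPLE.COM is a placeholder realm.

# --- Fragment 1: legacy, single-DES-only client ---
# Every ticket and session key is protected by a fixed 56-bit key, the
# size the text describes as brute-forceable in under a week.
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    default_tgs_enctypes = des-cbc-crc des-cbc-md5
    permitted_enctypes = des-cbc-crc des-cbc-md5

# --- Fragment 2: corrected client ---
# AES types listed first so the KDC issues AES keys whenever the
# principal has them; rc4-hmac retained only for older Windows KDCs;
# no DES type is permitted at all.
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
    # In MIT Kerberos 1.8 and later the DES types count as "weak" and are
    # refused unless this is true; leaving it false enforces the refusal
    # even if a DES type were accidentally added to the lists above.
    allow_weak_crypto = false
```

After switching to the second fragment, `klist -e` prints the encryption type used for each ticket in the credential cache, which is the quickest check that the TGT and service tickets are actually being issued with an AES type rather than DES. Note that the KDC must hold AES keys for the principals involved, so a principal created while only DES was configured needs its key regenerated before it can benefit. RC4-HMAC has since been deprecated as well (RFC 8429), so in a current deployment it belongs in these lists only while a specific legacy peer still requires it.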