Network Working Group M. Horowitz Cygnus Solutions Internet-Draft November, 1996 Triple DES with HMAC-SHA1 Kerberos Encryption Type Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ``work in progress.'' To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). Distribution of this memo is unlimited. Please send comments to the mailing list. Abstract This document defines a new encryption type and a new checksum type for use with Kerberos V5 [RFC1510]. This encryption type is based on the Triple DES cryptosystem and the HMAC-SHA1 [Krawczyk96] message authentication algorithm. The des3-cbc-hmac-sha1 encryption type has been assigned the value 7. The hmac-sha1-des3 checksum type has been assigned the value 12. Encryption Type des3-cbc-hmac-sha1 EncryptedData using this type must be generated as described in [Horowitz96]. The encryption algorithm is Triple DES in Outer-CBC mode. The keyed hash algorithm is HMAC-SHA1. Unless otherwise specified, a zero IV must be used. If the length of the input data is not a multiple of the block size, zero octets must be used to pad the plaintext to the next eight-octet boundary. The counfounder must be eight random octets (one block). Checksum Type hmac-sha1-des3 Checksums using this type must be generated as described in [Horowitz96]. The keyed hash algorithm is HMAC-SHA1. Horowitz [Page 1] Internet Draft Kerberos Triple DES with HMAC-SHA1 November, 1996 Common Requirements Where the Triple DES key is represented as an EncryptionKey, it shall be represented as three DES keys, with parity bits, concatenated together. The key shall be represented with the most significant bit first. When keys are generated by the derivation function, a key length of 168 bits shall be used. The output bit string will be converted to a valid Triple DES key by inserting DES parity bits after every seventh bit. Any implementation which implements either of the encryption or checksum types in this document must support both. Security Considerations This entire document defines encryption and checksum types for use with Kerberos V5. References [Horowitz96] Horowitz, M., "Key Derivation for Kerberos V5", draft- horowitz-kerb-key-derivation-00.txt, November 1996. [Krawczyk96] Krawczyk, H., Bellare, and M., Canetti, R., "HMAC: Keyed-Hashing for Message Authentication", draft-ietf-ipsec-hmac- md5-01.txt, August, 1996. [RFC1510] Kohl, J. and Neuman, C., "The Kerberos Network Authentication Service (V5)", RFC 1510, September 1993. Author's Address Marc Horowitz Cygnus Solutions 955 Massachusetts Avenue Cambridge, MA 02139 Phone: +1 617 354 7688 Email: marc@cygnus.com Horowitz [Page 2]