{"draft":"draft-ietf-krb-wg-des-die-die-die-04","doc_id":"RFC6649","title":"Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos","authors":["L. Hornquist Astrand","T. Yu"],"format":["ASCII","HTML"],"page_count":"7","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"Kerberos WG","abstract":"The Kerberos 5 network authentication protocol, originally specified\r\nin RFC 1510, can use the Data Encryption Standard (DES) for\r\nencryption.  Almost 30 years after first publishing DES, the National\r\nInstitute of Standards and Technology (NIST) finally withdrew the\r\nstandard in 2005, reflecting a long-established consensus that DES is\r\ninsufficiently secure.  By 2008, commercial hardware costing less\r\nthan USD 15,000 could break DES keys in less than a day on average.\r\nDES is long past its sell-by date.  Accordingly, this document\r\nupdates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate the\r\nuse of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in\r\nKerberos.  Because RFC 1510 (obsoleted by RFC 4120) supports only\r\nDES, this document recommends the reclassification of RFC 1510 as\r\nHistoric.  This memo documents an Internet Best Current Practice.","pub_date":"July 2012","keywords":["[--------]"],"obsoletes":["RFC1510"],"obsoleted_by":[],"updates":["RFC1964","RFC4120","RFC4121","RFC4757"],"updated_by":[],"see_also":["BCP0179"],"doi":"10.17487\/RFC6649","errata_url":null}