
ad-assurance - [AD-Assurance] RC4-HMAC, HMAC-MD5 & Alternative Means?

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

  • From: "Capehart,Jeffrey D" <>
  • To: "" <>
  • Subject: [AD-Assurance] RC4-HMAC, HMAC-MD5 & Alternative Means?
  • Date: Mon, 11 Mar 2013 22:03:10 +0000

As many of you know, MD4 and MD5 are not approved hashing algorithms.  Therefore, RC4-HMAC and HMAC-MD5 are not approved algorithms for encryption.  MD4 and MD5 aren’t approved due to their weak collision resistance.

 

I ran across RFC6150 and RFC6151 which has an interesting statement:

 

The RC4-HMAC is supported in Microsoft's Windows 2000 and later versions of Windows for backwards compatibility with Windows 2000.  As [RFC4757] stated, RC4-HMAC doesn't rely on the collision resistance property of MD4, but uses it to generate a key from a password, which is then used as input to HMAC-MD5. For an attacker to recover the password from RC4-HMAC, the attacker first needs to recover the key that is used with HMAC-MD5.  As noted in [RFC6151], key recovery attacks on HMAC-MD5 are not yet practical.

 

Also RFC6649:

   The security considerations of [RFC4757] continue to apply to
   RC4-HMAC, including the known weaknesses of RC4 and MD4, and this
   document does not change the Informational status of [RFC4757] for
   now.  The main reason to not actively discourage the use of RC4-HMAC
   is that it is the only encryption type that interoperates with older
   versions of Microsoft Windows once DES and RC4-HMAC-EXP are removed.
   These older versions of Microsoft Windows will likely be in use until
   at least 2015.

 

 

Based on this reading, perhaps someone could come up with a nice risk assessment that would:

1. Cite the “Approved Algorithm” requirement(s) needing alternative means
2. Describe reason for proposing this alternative… (Microsoft AD_DS needs to use it because…)
3. Risks exposed/how mitigated
4. Specific text to assert that RC4-HMAC / HMAC-MD5 is comparable to #1 (Approved Algorithm)
5. Documentation to support #4.

 

 

Note these are still fairly recent documents!

 

RFC 6151: MD5 and HMAC-MD5 Security Considerations, March 2011

http://www.ietf.org/rfc/rfc6151.txt

 

RFC 6150: MD4 to Historic Status, March 2011

http://www.ietf.org/rfc/rfc6150.txt

 

RFC 6649: Deprecate DES in Kerberos, July 2012

http://www.ietf.org/rfc/rfc6649.txt

 

-Jeff

 

 

Jeff Capehart, CISA
IT Audit Manager
University of Florida - Office of Internal Audit
(352) 273-1882

http://oia.ufl.edu
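
An added example, not part of the original message: for the "risks exposed/how mitigated" item, one way to inventory which Active Directory accounts still permit DES or RC4-HMAC is to decode each account's msDS-SupportedEncryptionTypes bitmask. The attribute is not mentioned in the message; the account names, the CSV export layout and the category labels are constructed for illustration.

```python
# Bit flags of the AD attribute msDS-SupportedEncryptionTypes.
ETYPE_BITS = {
    0x01: "DES-CBC-CRC",
    0x02: "DES-CBC-MD5",
    0x04: "RC4-HMAC",
    0x08: "AES128-CTS-HMAC-SHA1-96",
    0x10: "AES256-CTS-HMAC-SHA1-96",
}
DES_MASK = 0x03  # DES types, deprecated by RFC 6649
RC4_MASK = 0x04  # RC4-HMAC (RFC 4757), kept by RFC 6649 for interoperability
AES_MASK = 0x18

def decode(mask):
    """Return the encryption type names enabled in a bitmask."""
    return [name for bit, name in sorted(ETYPE_BITS.items()) if mask & bit]

def assess(mask):
    """Classify one account; the labels are this example's own (hypothetical)."""
    if mask is None or (mask & 0x1F) == 0:
        return "unset"          # KDC/domain default applies, review separately
    if mask & DES_MASK:
        return "des-enabled"
    if (mask & RC4_MASK) and not (mask & AES_MASK):
        return "rc4-only"
    if mask & RC4_MASK:
        return "rc4-fallback"   # AES offered, RC4-HMAC still accepted
    return "aes-only"

def audit(export):
    """Parse 'account,mask' lines (decimal or 0x hex; mask may be empty)."""
    report = {}
    for line in export.strip().splitlines():
        name, raw = [field.strip() for field in line.split(",")]
        mask = int(raw, 0) if raw else None
        report[name] = (assess(mask), decode(mask or 0))
    return report

# Constructed sample export, not real directory data.
SAMPLE = """
svc-legacy,0x3
svc-print,4
svc-web,0x1C
svc-new,24
svc-default,
"""

if __name__ == "__main__":
    for account, (status, etypes) in audit(SAMPLE).items():
        print(f"{account:12} {status:13} {', '.join(etypes) or '-'}")
```
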

 


