Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE: Cookbook items - Entropy and Kerberos

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE: Cookbook items - Entropy and Kerberos

Chronological Thread 
  • From: "Capehart,Jeffrey D" <>
  • To: "" <>
  • Subject: [AD-Assurance] RE: Cookbook items - Entropy and Kerberos
  • Date: Tue, 18 Jun 2013 13:31:12 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

Replies in-line…

From: [mailto:] On Behalf Of Eric Goodman
Sent: Monday, June 17, 2013 7:37 PM
Subject: [AD-Assurance] RE: Cookbook items - RC4-HMAC and Kerberos


I’ve seen the “2^80” language before, but I think it came from a misread of the entropy table; and the juxtaposition of the Kerberos “offline guessing” language and the 2^80 language in the new 800-63-1 make it easier to misread.


According to the entropy discussion (Table A.1, pg 107), a 12 character, RANDOMLY CHOSEN password from a 94 character alphabet has 79 bits of entropy.


According to the same table, a 12 character, user chosen password subjected to dictionary and composition rules has ~34 bits of entropy. To get the 80ish bits of entropy required for this requirement, you’d need a ~58 character, user chosen password. My assertion does assume a 1 pass encryption process, but even a 1000 pass encryption process (increasing the encryption operations by 2^10) only cuts ~10 characters off the required password; i.e., you’d need a 48 character password in that case. (According to, AES requires up to 14 cycles/rounds, depending on key size).


OK, what would help is to determine if “entropy” (as used in the password guessing table A.1) is equivalent to “cryptographic operations” (as used with impractical, on the order of 280 operations, for off-line cracking resistance as the result of eavesdropping.)


Both of these definitions come out of SP 800-63-1, so they are not in the Silver spec, but table A is included by reference.  The Silver spec mentions entropy, eavesdropping resistance, and impractical.  Perhaps those are terms and assumptions that could be “defined” as part of the AD Alternative Means purposes.


I presume that when people were recommending 12 character passwords they weren’t really intending distributing truly random, gibberish passwords to the user populations.

--- Eric


This may have been a short-cut, but the complete space for 95 characters with 12 length would be 9512 which works out to roughly 279 which is reasonably on the order of 280 combinations.  I don’t think the full entropy calculation was factored in for the “impractical” calculation.


Going back to Kerberos, SP 800-63-1 is even more unforgiving in that it saysAll assertion protocols used at Level 2 and above require the use of Approved cryptographic techniques. As such, the use of Kerberos keys derived from user generated passwords is not permitted at Level 2 or above.”  How does sentence 2 relate to sentence 1?  Kerberos can certainly be set to use only approved algorithms.  Is this exclusion related just to the assertion?  If that is the case, then for Shibboleth, the assertion is sent via SAML and not Kerberos.


My thinking here is that if Kerberos could be interpreted/configured to be OK for Level 2 (Silver), with keys derived from user generated passwords, then Kerberos-only could be a method for configuring Active Directory to meet Silver.  Microsoft even says that Kerberos is their strategy and that NTLM is not going to be “fixed”.



-Jeff C.


Archive powered by MHonArc 2.6.16.

Top of Page