Penn State shield
Skip to content Skip to search

Headlines

ITS Alert - Single DES Encryption Type Trusts to be Discontinued August 31, 2014

/alerts

ITS Alerts by Date


ITS Alerts by Service

ITS Alerts by Location

  • red boxCurrent Alert
  • green boxResolved Alert
  • orange boxFuture Alert

Single DES Encryption Type Trusts to be Discontinued August 31, 2014

Last updated on June 5, 2014 at 2:53PM

On Tuesday, August 31, 2014, Information Technology Services (ITS) will discontinue Single DES Encryption Type Trusts to the kerberos realm (dce.psu.edu) for Penn State Access Accounts. No new Single DES encryption trusts have been created since February 1, 2014. If you need to upgrade your trust or have further questions please contact win-ad@psu.edu.

According to the Internet Engineering Task Force (IETF), an internet standards organization that recommends internet best practices, Request for Comment (RFC) 6649: "The Kerberos 5 network authentication protocol, originally specified in RFC 1510, can use the Data Encryption Standard (DES) for encryption. Almost 30 years after first publishing DES, the National Institute of Standards and Technology (NIST) finally withdrew the standard in 2005, reflecting a long-established consensus that DES is insufficiently secure. By 2008, commercial hardware costing less than USD 15,000 could break DES keys in less than a day on average. DES is long past its sell-by date. Accordingly, RFC 6649 updates RFC 1964, RFC 4120, RFC 4121, and RFC 4757 to deprecate the use of DES, RC4-HMAC-EXP, and other weak cryptographic algorithms in Kerberos. Because RFC 1510 (obsoleted by RFC 4120) supports only DES, this document recommends the reclassification of RFC 1510 as Historic."

The above text was taken from the IETF website, <http://tools.ietf.org/html/rfc6649>.

For more information, please contact IT Service Desk (ITServiceDesk@psu.edu).


Back to ITS Alerts

Impact Information

  • Incident Type:
    Scheduled Maintenance or Upgrade
  • Services affected:
    Miscellaneous
  • Locations affected:
    All locations
  • Scheduled for:
    ITS maintenance window (5:00-7:00am) on August 31, 2014