
I'm not completely clueless as to what it means, but I'd like to understand it at a higher level.

The highest encryption type used by Active Directory domain controllers for Kerberos authentication traffic is AES256-CTS-HMAC-SHA1-96.

The first part: AES256-CTS. That's AES with a 256-bit symmetric key operating in Cipher Text Stealing mode. Where does the 256 bits of key material come from?

The last part: HMAC-SHA1-96. I get that it's using a hash-based message authentication code, using SHA1 for the hash. But what does the 96 mean? An SHA1 hash is 160 bits...

CodesInChaos
Ryan Ries

1 Answer


Decoding AES256-CTS-HMAC-SHA1-96

  • AES256 = AES using 256-bit key
  • CTS = ciphertext stealing
  • HMAC-SHA1-96 = HMAC using the SHA-1 hash function, with the MAC truncated to 96 bits.

The benefits of HMAC truncation are discussed in FIPS PUB 198-1, chapter 5. For HMAC-SHA1, 96 bits is a very common truncation, used for instance by IPsec/ESP.

As for what key material is used, that is decided by Kerberos. Please read the appropriate standards.

user4982