The Microsoft Windows 2000 RC4-HMAC Kerberos encryption type
Microsoft
The Microsoft Windows 2000 implementation of Kerberos introduces a new encryption type based on the RC4 encryption algorithm and using an MD5 HMAC for checksum. This is offered as an alternative to using the existing DES based encryption types. The RC4-HMAC encryption types are used to ease upgrade of existing Windows NT environments, provide strong crypto (128-bit key lengths), and provide exportable (meet United States government export restriction requirements) encryption. The Microsoft Windows 2000 implementation of Kerberos contains new encryption and checksum types for two reasons: for export reasons early in the development process, 56 bit DES encryption could not be exported, and because upon upgrade from Windows NT 4.0 to Windows 2000, accounts will not have the appropriate DES keying material to do the standard DES encryption. Furthermore, 3DES is not available for export, and there was a desire to use a single flavor of encryption in the product for both US and international products. As a result, there are two new encryption types and one new checksum type introduced in Microsoft Windows 2000.