Enforcing AES 256 bit encryption for Domain Authentication
AES 256 Kerberos enforcement

Upgrading Windows Domain Authentication Encryption keys from 128 to 256 BIT… yes it’s a thing.

The what.

A 128-bit key refers to a cryptographic key used in encryption algorithms that is 128 bits in length. In the context of symmetric encryption, a 128-bit key is used to encrypt and decrypt data. The key is essentially a sequence of 128 binary digits (0s and 1s) that serves as the input to the encryption algorithm.

The length of the key is directly related to the security and strength of the encryption. A longer key size provides a larger key space, meaning there are more possible combinations of 0s and 1s that can be used as the encryption key. This increases the difficulty for an attacker to guess or brute-force the key and decrypt the encrypted data.

Kerberos is a network authentication protocol that is used to provide secure communication over a non-secure network. It enables entities, such as users and services, to prove their identities to each other securely. AES256, on the other hand, refers to the Advanced Encryption Standard with a key size of 256 bits. When it comes to Kerberos, AES256 refers to the encryption algorithm used to protect the confidentiality of the Kerberos tickets exchanged between entities. The Kerberos protocol supports various encryption types, and AES256 is one of the strong encryption algorithms available. The default is AES128, which is a weaker and older encryption standard left over from the Windows 2003 days. You are probably on that one.

AES (Advanced Encryption Standard) was widely considered a strong encryption algorithm back in the early 2000s and has been adopted by various industries and organizations for secure communication and data protection. However, like any cryptographic algorithm, AES is not entirely immune to weaknesses, and it is becoming dated, so new weaknesses are being uncovered and exploited. A shorter key means a lower number of rounds required to encrypt/decrypt and an exponentially smaller cipher pattern for possible RoundKey combinations.

[Image: AES algorithm round process]

The why?

Here are some potential weaknesses or areas of concern associated with AES-128 encryption:

Brute Force Attacks: While AES-128 is considered secure against brute force attacks in practice, as the key size is sufficiently large, theoretical advances in computing power could potentially reduce the time required to break the encryption through exhaustive search.

Quantum Computing: With the potential development of practical quantum computers, certain algorithms used in AES, such as the symmetric key operations, could be vulnerable to attacks based on quantum computing. However, it's important to note that quantum computers capable of breaking AES encryption are not currently available.

Side-Channel Attacks: AES itself does not address side-channel attacks, which exploit information leaked during the encryption process, such as power consumption, timing variations, or electromagnetic emissions. Implementations of AES need to include countermeasures to protect against these types of attacks.

Implementation Vulnerabilities: Weaknesses in the implementation of AES can lead to security vulnerabilities. Flaws in the design, software bugs, or improper use of the algorithm can undermine the strength of the encryption. It's crucial to follow best practices and adhere to recognized standards when implementing AES. A side-channel attack will need to be of a lesser complexity for an AES 128 algorithm than for an AES 256 algorithm because of an exponentially larger side-channel cycle requirement, that is, the number of possible combinations that a side channel has to work through in order to guess a correct combination to decrypt.

Key Management, life and reliability: The security of AES relies heavily on the proper management and protection of encryption keys. Weaknesses in key generation, storage, distribution, or revocation processes can undermine the overall security of the system using AES. AES-256 offers a larger key size compared to AES-128 (128-bit key size), which provides a significant increase in the number of possible encryption keys. This larger key size can offer certain key management improvements over AES-128. AES-256 has a much larger key space than AES-128. With 2^256 possible keys, the likelihood of successfully brute-forcing the encryption key becomes extremely low. This increased key space adds an extra layer of protection against potential attacks. With current advanced key surveillance techniques, a longer key means a longer life. Key surveillance involves reading the header and metadata of key thumbprints in order to hash information about them. An attacker can surveil thumbprints of various certificates issued by the same Certificate Authority in order to narrow the possible key crack combinations.

[Image: AES round count]

Weaker Encryption Strength: AES 128 provides a lower key size compared to AES 256. The shorter key length reduces the number of possible encryption keys, making it potentially more susceptible to brute-force attacks. Although AES 128 is still considered secure, the additional key size in AES 256 provides a larger keyspace, making it more resistant to cryptographic attacks.

Dive deeper into the math: the number 2^128 represents the size of the key space for a 128-bit key. In encryption, the key space refers to the total number of possible keys that can be used with the encryption algorithm.

For a 128-bit key, the key space is 2^128, which equals approximately 3.4 x 10^38 possible keys. This means that there are 3.4 x 10^38 different combinations of 0s and 1s that can be used to form a 128-bit key.

On the other hand, for a 256-bit key, the key space is 2^256, which equals approximately 1.1 x 10^77 possible keys. This means that there are 1.1 x 10^77 different combinations of 0s and 1s that can be used to form a 256-bit key.

Future Security Vulnerabilities: Cryptographic attacks and advances in computing power continue to evolve over time. While AES 128 is currently considered somewhat secure, there is always a possibility that new vulnerabilities or attacks may emerge in the future that could exploit the encryption algorithm. By using a stronger encryption like AES 256, you provide an additional layer of security and potential resilience against future cryptographic attacks.

Compliance with Security Standards: Some security standards and regulations, such as certain governmental or industry-specific requirements, may mandate the use of stronger encryption algorithms like AES 256. Choosing AES 128 for Kerberos encryption might not meet the specific encryption requirements outlined by these standards, potentially leading to non-compliance.

Limited Compatibility with External Systems: In some cases, external systems or applications that interact with your Kerberos-enabled environment may only support or require AES 256 encryption. By using AES 128, you may face compatibility challenges or encounter issues when integrating with these external systems.

Long-Term Security: As technology advances, computing power increases, and new cryptographic attacks are discovered, the need for stronger encryption becomes more important to maintain long-term security. By using AES 256, you ensure a higher level of security and future-proof your Kerberos implementation against potential cryptographic vulnerabilities.

The how:

Running Kerberos on AES 128 may introduce some security risks compared to using a stronger encryption algorithm like AES 256, as outlined in the concerns above.

Enforcing AES 256 on a Windows Domain will require two settings to be changed:

1) The compatibility mode of the Kerberos Authentication certificate template will need to be changed from the default Windows 2003 (does not support AES 256, only AES 128) to 2008 or later (supports AES 256).

[Image: Kerberos Authentication template compatibility setting]

2) A GPO (Group Policy Object) will need to push a policy requirement to Domain Controllers and clients to use AES 256 encryption only.

Compatibility Mode of the Kerberos Authentication certificate template refers to a setting that determines the level of compatibility with older versions of Windows operating systems.

When configuring a certificate template for Kerberos Authentication, you have the option to set the Compatibility Mode to either "Windows Server 2003" or "Windows Server 2008 and later." This setting controls the behavior of the certificate template and determines the features and cryptographic algorithms supported by the issued certificates.

Here's a breakdown of the two compatibility modes:

Windows Server 2003 Compatibility Mode:

This mode is intended for compatibility with Windows Server 2003 and earlier versions.

The certificates issued using this compatibility mode may use older cryptographic algorithms such as MD5 and SHA-1.

It supports compatibility with legacy systems and applications that rely on older Kerberos encryption algorithms and certificate standards.

Windows Server 2003 Compatibility Mode should only be selected if you have specific legacy requirements.

Windows Server 2008 and later Compatibility Mode:

This mode is intended for environments using Windows Server 2008 and later versions.

Certificates issued in this compatibility mode use modern cryptographic algorithms such as SHA-256.

It ensures compliance with current security standards and best practices.

This compatibility mode is recommended for most modern Windows domain environments.


AES256 is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. It provides a high level of security due to its key size and is widely used in various applications where data confidentiality is crucial. In the context of Kerberos, the use of AES256 ensures that the sensitive information contained in Kerberos tickets, such as the user's authentication credentials and session keys, remains secure and cannot be easily compromised by unauthorized entities.

In a Windows domain environment, Kerberos is the primary authentication protocol used for network authentication. The encryption standard employed by Kerberos in Windows domains depends on the version of Windows being used. In Windows Server 2008 and later versions, including Windows Server 2012 and Windows Server 2016, the default encryption standard used by Kerberos is AES (Advanced Encryption Standard) with a 128-bit key. This encryption algorithm provides a good balance between security and performance. However, it's important to note that Windows supports multiple encryption types for Kerberos, including DES (Data Encryption Standard), RC4 (Rivest Cipher 4), and AES with various key lengths (128, 256). The specific encryption types and their priority are configurable in the domain controller's security policies.

Additionally, Windows domains also support the use of Kerberos extensions, such as Kerberos Armoring (FAST), which provides additional security features like channel binding and mutual authentication. It's worth mentioning that Microsoft continually updates and enhances the security features in its operating systems. Therefore, the encryption standards and default settings may evolve over time with the release of new Windows versions and updates.

Using AES 256 for Kerberos encryption offers several advantages:

Enhanced Security: AES 256 is a strong encryption algorithm that provides a high level of security. With a 256-bit key size, it offers a large key space, making it extremely difficult and time-consuming to crack the encryption.

Robust Data Confidentiality: AES 256 ensures the confidentiality of Kerberos tickets and sensitive information exchanged between entities in a Windows domain. It prevents unauthorized entities from easily accessing or deciphering the encrypted data.

Compliance with Security Standards: AES 256 is widely recognized and accepted as a secure encryption standard. By using AES 256 for Kerberos, you align with best practices and security standards recommended by organizations like NIST (National Institute of Standards and Technology).

Compatibility: AES is a widely supported encryption algorithm. Most modern systems and applications can handle AES 256 encryption, making it compatible with a wide range of network environments and devices.

Performance Efficiency: While AES 256 is more computationally intensive than lower key sizes, modern hardware and optimized implementations can efficiently handle AES 256 encryption without significant performance impact. This allows for a balance between security and performance in Kerberos authentication.

Forward Compatibility: AES 256 provides a level of future-proofing, as it offers a higher level of security compared to lower key sizes. As security threats evolve, using AES 256 helps ensure the longevity of your Kerberos encryption.

Industry Standard: AES is widely adopted as a standard encryption algorithm in various industries and applications. Using AES 256 for Kerberos aligns with industry best practices, ensuring interoperability and compatibility with other systems and services that rely on AES encryption.

Overall, by using AES 256 for Kerberos encryption, you can significantly enhance the security and confidentiality of authentication data and protect against potential attacks or unauthorized access in your Windows domain environment.

While using AES 256 for Kerberos encryption offers significant security advantages, there are some potential risks and disadvantages to consider:

Computational Overhead: AES 256 is a computationally intensive encryption algorithm compared to lower key sizes. Encrypting and decrypting data using AES 256 may require more processing power and could introduce a slight performance impact, especially on older or resource-constrained systems. However, modern hardware and optimized implementations can mitigate this impact to a large extent.

Compatibility Issues: While AES 256 is widely supported, there may be legacy systems, applications, or devices that do not support or have limited compatibility with AES 256 encryption. Before enforcing AES 256 for Kerberos, it's essential to ensure that all components in your environment can handle this encryption standard to avoid any interoperability issues.

Key Management: AES 256 requires a 256-bit encryption key, which is longer and more complex than keys used in lower key sizes. Managing and securely distributing these longer keys can be more challenging, especially in large-scale deployments. Proper key management practices, such as secure key storage, rotation, and distribution mechanisms, are crucial to maintain the security of the encryption keys.

Increased Storage Requirements: AES 256 encryption typically generates larger ciphertexts compared to lower key sizes. As a result, there may be a slight increase in storage requirements for Kerberos tickets and encrypted data. However, the difference in storage impact is generally minimal and may not be a significant concern for most deployments.

Potential Backward Compatibility Issues: If your network includes older systems or devices that only support weaker encryption standards, enforcing AES 256 for Kerberos may lead to compatibility issues or prevent those systems from authenticating properly. It's essential to assess the compatibility requirements of your network and consider the potential impact on legacy systems before making the switch.

To enforce the use of AES 256 for Kerberos encryption in a Windows domain, you need to configure the appropriate security settings on your domain controllers. Here's a step-by-step guide:

Log in to a domain controller with administrative privileges.

Open the Group Policy Management Console (gpmc.msc).

Create a new Group Policy Object (GPO) or select an existing one that is applied to the domain controllers.

Right-click on the selected GPO and choose "Edit" to open the Group Policy Editor.

Navigate to "Computer Configuration" -> "Policies" -> "Windows Settings" -> "Security Settings" -> "Local Policies" -> "Security Options".

In the list of security options, locate the following settings:

"Network security: Configure encryption types allowed for Kerberos"

"Network security: Minimum session security for NTLM SSP-based (including secure RPC) clients"

Double-click on each of these settings to modify their values.

In the "Network security: Configure encryption types allowed for Kerberos" setting, select the "Define this policy setting" option.

[Image: Kerberos allowed encryption types]

Check the box for "AES256_HMAC_SHA1" and uncheck any other encryption types you don't want to allow.


Click "OK" to save the changes to the encryption types.

In the "Network security: Minimum session security for NTLM SSP-based (including secure RPC) clients" setting, select the "Require 128-bit encryption" option.

Click "OK" to save the changes to the minimum session security.

Close the Group Policy Editor.

Link the GPO to the appropriate Organizational Unit (OU) containing your domain controllers.

Wait for the changes to propagate through the domain or force a Group Policy update using the command "gpupdate /force" on the domain controllers.

Verify that the changes have taken effect by checking the Kerberos encryption types in use on the domain controllers, or review a recently issued certificate for Kerberos Authentication from Certificate Authority issued certificates.
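The following PowerShell is an added example, not part of the original article: it decodes the encryption-type bitmask that the GPO setting above writes to the registry (and that AD stores per account in msDS-SupportedEncryptionTypes), reports whether the local policy is AES256-only, and audits the domain for accounts that still lack the AES256 bit before enforcement breaks them. The bit values are Microsoft's documented flags; the RSAT ActiveDirectory module is assumed for the audit part.

```powershell
# Added example (not from the original article). Bit values follow Microsoft's
# documented flags for msDS-SupportedEncryptionTypes / SupportedEncryptionTypes.
$KerbEncTypeFlags = [ordered]@{
    DES_CBC_CRC             = 0x1
    DES_CBC_MD5             = 0x2
    RC4_HMAC_MD5            = 0x4
    AES128_CTS_HMAC_SHA1_96 = 0x8
    AES256_CTS_HMAC_SHA1_96 = 0x10
}

function ConvertFrom-KerbEncTypes {
    # Turn a bitmask such as 0x18 into the list of enabled type names.
    param([int]$Mask)
    $names = @(foreach ($entry in $KerbEncTypeFlags.GetEnumerator()) {
        if ($Mask -band $entry.Value) { $entry.Key }
    })
    if ($Mask -band -bnot 0x1F) { $names += 'FUTURE_OR_UNKNOWN' }
    return $names
}

function Test-Aes256Only {
    # True only when the AES256 bit is set and no DES/RC4/AES128 bit is present.
    param([int]$Mask)
    return (($Mask -band 0x10) -ne 0) -and (($Mask -band 0x0F) -eq 0)
}

function Get-KerbPolicyMask {
    # Registry value written by "Network security: Configure encryption types
    # allowed for Kerberos". A missing value means the policy is not defined.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    $item = Get-ItemProperty -Path $path -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.SupportedEncryptionTypes
}

# 1. Local policy check on the machine running the script (DC or client).
$mask = Get-KerbPolicyMask
if ($null -eq $mask) {
    Write-Output 'Policy not defined: Windows defaults apply.'
} else {
    Write-Output ("Policy mask 0x{0:X}: {1}" -f $mask, ((ConvertFrom-KerbEncTypes $mask) -join ', '))
    Write-Output ("AES256 only: {0}" -f (Test-Aes256Only $mask))
}

# 2. Pre-enforcement audit: computers and service accounts whose
#    msDS-SupportedEncryptionTypes lacks the AES256 bit (or is unset) would
#    fail to get tickets once the GPO restricts Kerberos to AES256.
Get-ADObject -LDAPFilter '(|(objectClass=computer)(servicePrincipalName=*))' `
    -Properties 'msDS-SupportedEncryptionTypes' |
    Where-Object { -not (($_.'msDS-SupportedEncryptionTypes' -as [int]) -band 0x10) } |
    Select-Object Name, @{ n = 'EncTypes'; e = {
        (ConvertFrom-KerbEncTypes ($_.'msDS-SupportedEncryptionTypes' -as [int])) -join ',' } }
```

Run the audit section from a domain-joined machine with the ActiveDirectory module; an empty result means every relevant account already advertises AES256.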

[Image: testing Kerberos authentication key strength]

By following these steps, you can enforce the use of AES 256 encryption for Kerberos in your Windows domain.

Anatoli Maximov

Dipl.-Informatiker : patientia virtus fortium est

4 months

In AES We Trust
