diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c
index 4c30eb9120..6772e1d0bf 100644
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
@@ -550,6 +550,9 @@ main(int argc, char **argv)
 		   "1.0",
 #endif
 		   "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
 
     rx_StartServer(1);
     osi_audit(PTS_FinishEvent, -1, AUD_END);
diff --git a/src/util/afsutil_prototypes.h b/src/util/afsutil_prototypes.h
index 191a6657a9..78473130a6 100644
--- a/src/util/afsutil_prototypes.h
+++ b/src/util/afsutil_prototypes.h
@@ -178,6 +178,7 @@ extern int LogThreadNum(void);
 extern void LogCommandLine(int argc, char **argv, const char *progname,
 			   const char *version, const char *logstring,
 			   void (*log) (const char *format, ...));
+extern void LogDesWarning(void);
 
 /* snprintf.c */
 
diff --git a/src/util/serverLog.c b/src/util/serverLog.c
index 7730807853..4cf81febc7 100644
--- a/src/util/serverLog.c
+++ b/src/util/serverLog.c
@@ -197,6 +197,19 @@ LogCommandLine(int argc, char **argv, const char *progname,
     }
 }
 
+void
+LogDesWarning(void)
+{
+    /* The blank newlines help this stand out a bit more in the log. */
+    ViceLog(0, ("\n"));
+    ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n"));
+    ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n"));
+    ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n"));
+    ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n"));
+    ViceLog(0, ("WARNING: for details.\n"));
+    ViceLog(0, ("\n"));
+}
+
 static void*
 DebugOn(void *param)
 {
diff --git a/src/viced/viced.c b/src/viced/viced.c
index fca9393121..24ecfa201c 100644
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@@ -2028,6 +2028,9 @@ main(int argc, char *argv[])
 	exit(-1);
     }
     LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
+    if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
 
 #if defined(AFS_PTHREAD_ENV) && !defined(AFS_NT40_ENV)
     /* initialize the pthread soft signal handler thread */
diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c
index 3ef7f06aaf..d484ea3094 100644
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@@ -400,6 +400,9 @@ main(int argc, char **argv)
     rx_SetMaxProcs(tservice, 4);
 
     LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
     printf("%s\n", cml_version_number);	/* Goes to the log */
 
     /* allow super users to manage RX statistics */
diff --git a/src/volser/volmain.c b/src/volser/volmain.c
index 2230666c12..3dc516ee18 100644
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@@ -564,6 +564,9 @@ main(int argc, char **argv)
 
     LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
 		   Log);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
     if (TTsleep) {
 	Log("Will sleep %d second%s every %d second%s\n", TTsleep,
 	    (TTsleep > 1) ? "s" : "", TTrun + TTsleep,