[28750] in Kerberos
Re: Adding supported enctypes to kdc
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Nov 16 18:50:38 2007
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <20071116211521.GH20013@localhost> (John Washington's message of
"Fri, 16 Nov 2007 15:15:21 -0600")
Date: Fri, 16 Nov 2007 15:50:16 -0800
Message-ID: <87abpdrbrb.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
John Washington <jawashin@uiuc.edu> writes:
> I would definitely add aes128-cts-hmac-sha1-96 and
> aes256-cts-hmac-sha1-96, as Microsoft is adding these to AD (and I
> prefer good encryption, not really broken encryption)
Is there any reason to add the 128-bit keys? So far, it seems like
everyone who can do 128-bit can also do 256-bit, but maybe that isn't true
of the upcoming Windows release? (They're both equally export-controlled,
so far as I know.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
