[19605] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: aes-sha2 in default etype list now?

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 21 13:13:54 2017

To: Weijun Wang <weijun.wang@oracle.com>, krbdev@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <86e4dc0e-5635-114a-5773-eca19c3310f4@mit.edu>
Date: Wed, 21 Jun 2017 13:13:38 -0400
MIME-Version: 1.0
In-Reply-To: <d5696c71-bd4d-b250-2894-672aee4ef1d0@oracle.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 06/21/2017 11:11 AM, Weijun Wang wrote:
> But the doc at https://github.com/krb5/krb5/blob/master/doc/conf.py#L275 
> shows:
> 
> .. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 
> camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 
> des-cbc-md4``

That's an oversight; I have filed a PR to update it.

> Are aes128-sha2 and aes256-sha2 default etypes?

They are permitted by default, though not in the default list of
key/salt types for generating new keys.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post