Quick question related to Kerberos + AES256 + SHA2
Prashanth Marampally
PMarampally at agiliance.com
Thu Feb 25 11:11:36 EST 2016
Hi Simo,
Thanks for you reply and link.
Looks like draft expires on July 28, 2016.
Anyways, thanks for the update.
Thanks,
Prashanth
-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com]
Sent: Thursday, February 25, 2016 9:10 PM
To: Prashanth Marampally
Cc: Rick van Rein; kerberos at mit.edu
Subject: Re: Quick question related to Kerberos + AES256 + SHA2
Not that the Kitten WG is working on standardizing new enctypes for AES
+HMAC-SHA2, this is the latest draft:
https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09
Although it will take a while before all the most common implementations will have support for it, and it may never land on older OSs.
Simo.
On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote:
> Yep. Got it!
>
> Thanks,
> Prashanth
>
> -----Original Message-----
> From: Rick van Rein [mailto:rick at openfortress.nl]
> Sent: Thursday, February 25, 2016 7:50 PM
> To: Prashanth Marampally
> Cc: kerberos at mit.edu
> Subject: Re: Quick question related to Kerberos + AES256 + SHA2
>
> OK,
>
> Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I didn't make that clear before.
>
> -Rick
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos
mailing list