Cipher suites lagging behind

Greg Hudson ghudson at mit.edu
Thu Apr 16 10:52:26 EDT 2020


On 4/16/20 5:45 AM, Rick van Rein wrote:
> No, that is not what we meant :)  Is an updated version of KfW planned
> anytime soon?

There is a beta release of KfW 4.2 based on 1.17, which has aes-sha2
support: http://web.mit.edu/kerberos/kfw-4.2/kfw-4.2.html

When testing this beta release internally within MIT, we noticed some
very superficial installer issues (a couple of unexpected prompts), and
it's been hard to track those down and rectify them.  That's why this
hasn't progressed to the official release.  I'm not aware of any other
issues.

> The underlying crypto is libk5crypto.  We aim to shield the symmetric
> cryptography from Quantum Computers, which explains the pressure on key
> sizes (not even sure this is enough).

Wouldn't you want an aes256 enctype in that case, instead of the
aes128-sha2 enctype from the error message?

