recommended encryption types
Sam Hartman
hartmans at MIT.EDU
Fri Mar 29 21:55:21 EST 2002
>>>>> "Rich" == Rich Johnson <rjohnson at dogstar-interactive.com> writes:
Rich> Does anyone have a summary of the pros and cons of the
Rich> various kerberos encryption types?
des3-hmac-sha1-kd (des3-hmac-sha1 in the MIT implementation): What you
should be using; 168-bit keys, fairly standardized.
des-cbc-crc: What you probably end up using if you want
interoperability or krb4.
There's also RC4 used by Microsoft and des-cbc-md5, which is somewhat
better than des-cbc-crc, but MIT consistently messed up the
implementation.
More information about the Kerberos
mailing list