MD5 tickets and Windows 2000
Turbo Fredriksson
turbo at bayour.com
Wed Oct 30 04:42:47 EST 2002
>>>>> "Sam" == Sam Hartman <hartmans at mit.edu> writes:
>>>>> "Nathan" == Nathan Ward <nward at esphion.com> writes:
Nathan> vs des-cbc-md5? Do encryption types matter that much?
Sam> Yes. You really want to be using an encryption type stronger
Sam> than DES. Unfortunately released MIT code does not share an
Sam> encryption type stronger than any of the DES types with
Sam> Microsoft.
Sam> They support rc4; we support 3des.
Sam> MIT's support for des-cbc-md5 should be fine in the client
Sam> code, but you probably do not want to use des-cbc-md5 with an
Sam> MIT KDC.
Don't quite understand if you say 'yes' or 'no' to the workings
of des-cbc-md5, but I have successfully configured a Windows service
key (ie, using a MIT KDC and a Windows client) to use a des-cbc-md5:normal
encryption type.
Are you saying this is not ok/insecure?
--
Waco, Texas Nazi Mossad Cocaine strategic BATF critical jihad Panama
cryptographic radar bomb Uzi 747 tritium
[See http://www.aclu.org/echelonwatch/index.html for more about this]
More information about the Kerberos
mailing list