Encryption Types and Windows

Sam Hartman hartmans at MIT.EDU
Sun May 25 17:45:21 EDT 2003


[I'm not sure if your email address is real.  As a matter of policy I
do not respond to posts to kerberos at mit.edu that do not use working
email addresses, so if this bounces, you should not expect future
responses at least from me.
]

>>>>> "Jason" == Jason C Wells <fake at highperformance.net> writes:


    Jason> On Windows 2000, are the supported encryption types part of
    Jason> Windows itself, or part of the MIT KfW-2.1.1 package?

Both.  Windows SSPI supports des and rc4.  (By DES, I mean both
des-cbc-md5 and des-cbc-crc)

KFW supports DES and 3DES.

If you use ms2mit.exe, you are at some level limited to the
intersection of these two.

A KFW based on Kerberos 1.3 will support DES, 3DES, RC4 and AES, but
that code is not yet released.



    Jason> Related to the above: Is it true that only DES-CBC-MD5 and
    Jason> DES-CBC-CRC are supported under Windows 2000 for

    Jason> authentication that occurs via the MIT KfW-2.1.1 package?

No, you can also use 3DES.


    Jason    Jason> What is the authoritative and current source of information
    Jason> for the encryption types for MIT Kerberos?  For MIT KfW?

The source code.

In particular look at src/lib/crypto/enctypes.c.


More information about the Kerberos mailing list