encryption algorithm used by kerberos
Sam Hartman
hartmans at MIT.EDU
Fri Nov 14 20:09:28 EST 2003
>>>>> "Kent" == <Kent_Wu at trendmicro.com> writes:
Kent> Hi, In the kerberos authentication process, it does
Kent> encryption a lot to guarantee the security. However from the
Kent> materials I read it seems it's using DES encryption method
Kent> behind it which is not considered safe anymore, so are we
Kent> going to use a more advanced algorithm or we've done that
Kent> already?
All of the modern Kerberos implementations support things stronger than DES:
* MIT supports 3DES, AES and RC4
* Heimdal supports 3DES, [AES] and RC4
* Microsoft supports RC4
* CyberSafe supports a 3DES incompatible with the rest of the world
I'm not sure if the Heimdal AES support is in the 0.6 release or just
on the mainline. Note that all the AES support is slightly incomplete
particularly dealing with GSSAPI. Active efforts are trying to fix
this.