Simple question on multiple mac/encryption algorithm

Gustavo Rios gustavo.rios at terra.com.br
Sun Oct 19 18:04:57 EDT 2003


hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tsln0d2f0mp.fsf at konishi-polis.mit.edu>...
> Kerberos does use a modular approach to encryption; the MIt
> implementation of Kerberos supports des, 3des, rc4 and AES at current
> writing.
> 
> There is also a modular approach for checksums that are used.
> 
> However, the technology that is used to integrity protect ciphertext
> is tied to the encryption type.  For example, AES always uses
> sha1-hmac and RC4 always uses md5-hmac.  Note that if we needed to use
> something else with AES we could simply standardize AES with some
> other MAC as a new encryption type.
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

So it is not possible to combine n MAC vs. M ENC types in a upward
compatible manner, right ?


More information about the Kerberos mailing list