Simple question on multiple mac/encryption algorithm

Gustavo Rios gustavo.rios at
Sun Oct 19 18:04:57 EDT 2003

hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tsln0d2f0mp.fsf at>...
> Kerberos does use a modular approach to encryption; the MIt
> implementation of Kerberos supports des, 3des, rc4 and AES at current
> writing.
> There is also a modular approach for checksums that are used.
> However, the technology that is used to integrity protect ciphertext
> is tied to the encryption type.  For example, AES always uses
> sha1-hmac and RC4 always uses md5-hmac.  Note that if we needed to use
> something else with AES we could simply standardize AES with some
> other MAC as a new encryption type.
> ________________________________________________
> Kerberos mailing list           Kerberos at

So it is not possible to combine n MAC vs. M ENC types in a upward
compatible manner, right ?

More information about the Kerberos mailing list