Simple question on multiple mac/encryption algorithm
gustavo.rios at terra.com.br
Sun Oct 19 18:04:57 EDT 2003
hartmans at MIT.EDU (Sam Hartman) wrote in message news:<tsln0d2f0mp.fsf at konishi-polis.mit.edu>...
> Kerberos does use a modular approach to encryption; the MIt
> implementation of Kerberos supports des, 3des, rc4 and AES at current
> There is also a modular approach for checksums that are used.
> However, the technology that is used to integrity protect ciphertext
> is tied to the encryption type. For example, AES always uses
> sha1-hmac and RC4 always uses md5-hmac. Note that if we needed to use
> something else with AES we could simply standardize AES with some
> other MAC as a new encryption type.
> Kerberos mailing list Kerberos at mit.edu
So it is not possible to combine n MAC vs. M ENC types in a upward
compatible manner, right ?
More information about the Kerberos