3DES or equivalent telnet encryption with kerberos

Johan Danielsson joda at pdc.kth.se
Fri Sep 19 07:54:14 EDT 2003


"Markus Moeller" <markus_moeller at compuserve.com> writes:

> I assume that this has been done in the past, but I haven't found
> any example.

I believe there are a couple of old drafts.

> But I found the below telnet client/server source from the srp
> project which has 3DES/CAST128 encryption and modified the
> kerberos5.c file to allow 3DES encryption.

All this seems to do is use DES3/whatever in CFB-mode, and it's far
from clear that this gives you any better security than DES in
CFB-mode. There's a paper by Biham talking about this.

If you really want to do something with telnet, I think AES (not in
CFB-mode) is the way forward.

/Johan

