Simple question on multiple mac/encryption algorithm

Sam Hartman hartmans at MIT.EDU
Thu Sep 18 13:49:02 EDT 2003


Kerberos does use a modular approach to encryption; the MIt
implementation of Kerberos supports des, 3des, rc4 and AES at current
writing.

There is also a modular approach for checksums that are used.

However, the technology that is used to integrity protect ciphertext
is tied to the encryption type.  For example, AES always uses
sha1-hmac and RC4 always uses md5-hmac.  Note that if we needed to use
something else with AES we could simply standardize AES with some
other MAC as a new encryption type.




More information about the Kerberos mailing list