Simple question on multiple mac/encryption algorithm
Sam Hartman
hartmans at MIT.EDU
Thu Sep 18 13:49:02 EDT 2003
Kerberos does use a modular approach to encryption; the MIt
implementation of Kerberos supports des, 3des, rc4 and AES at current
writing.
There is also a modular approach for checksums that are used.
However, the technology that is used to integrity protect ciphertext
is tied to the encryption type. For example, AES always uses
sha1-hmac and RC4 always uses md5-hmac. Note that if we needed to use
something else with AES we could simply standardize AES with some
other MAC as a new encryption type.
More information about the Kerberos
mailing list