Use of Encryption for KRB_AP_REQ
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Sun Sep 12 04:37:38 EDT 2004
Hi,
The CyberSafe products support this cipher suite (e.g. 3DES-CBC-MD5),
however we use etype=5 for this suite which is different to other
implementations that use etype=5. This is clearly not a good approach
since every implementation that is using etype=5 should represent the
same (and compatible) cipher suite. We clearly have to be careful about
how our 3DES support is used by our customers. We will encourage the use
of AES instead when we have made this available in our products.
Is your requirement related to PacketCable or CableHome ? I ask this
because I am aware that these standards use 3DES-CBC-MD5 as the cipher
suite.
Thanks,
Tim Alsop
CyberSafe Limited
www.cybersafe.ltd.uk
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Ahluwalia, Ish
Sent: 11 September 2004 00:43
To: kerberos at mit.edu
Subject: Use of Encryption for KRB_AP_REQ
Hi All:
I'm new to kerberos world, so appologies in advance if it's too basic of
a question. Does MIT kerberos support des3-cbc-md5 encryption type? I
have a requirement which requires me to have the Authenticator field of
the AP_REQ to be encrypted using 3des-cbc-md5 encryption algorithm.
Looking at krb5.h file and the IETF specification, it doesn't look like
this algorithm is supported. Any help will be greatly appreciated? Is
there a way to get around this problem and still use MIT kerberos V5.
Thanks.
Ish...
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list