differences between des3-cbc-sha1 and des3-cbc-md5

Sam Hartman hartmans at MIT.EDU
Wed Sep 15 20:50:10 EDT 2004


>>>>> "Ahluwalia," == Ahluwalia, Ish <iahluwalia at sonusnet.com> writes:

    Ahluwalia,> Thanks Sam.  For a perosn who is new to encryption -
    Ahluwalia,> What I understand from your statement below is that
    Ahluwalia,> DES3-CBC-MD5 uses the regular checksum rsa-md5 and not
    Ahluwalia,> rsa-md5-des3.  And, des3-cbc-md5 is not supported
    Ahluwalia,> because rsa-md5 is an unkeyed hashing algorithm.  Is
    Ahluwalia,> my understanding correct?  Thanks again.  No.  That's
    not what I said at all.  All I said is that des3-cbc-md5 does not
    work the same way as des3-cbc-sha1.  One of the ways in which it
    does not work the same way is that it ignores the keyusage input
    to the crypto profile operations.

I have specifically made no positive statement about how it works; I
don't remember.  I remember some of the reasons it was not
standardized, that's all.

--Sam




More information about the Kerberos mailing list