Adding supported enctypes to kdc
Russ Allbery
rra at stanford.edu
Fri Nov 16 18:50:16 EST 2007
John Washington <jawashin at uiuc.edu> writes:
> I would definitely add aes128-cts-hmac-sha1-96 and
> aes256-cts-hmac-sha1-96, as Microsoft is adding these to AD (and I
> prefer good encryption, not really broken encryption)
Is there any reason to add the 128-bit keys? So far, it seems like
everyone who can do 128-bit can also do 256-bit, but maybe that isn't true
of the upcoming Windows release? (They're both equally export-controlled,
so far as I know.)
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list