Quick question related to Kerberos + AES256 + SHA2

Prashanth Marampally PMarampally at agiliance.com
Thu Feb 25 11:11:36 EST 2016


Hi Simo,

Thanks for you reply and link.

Looks like draft expires on July 28, 2016.

Anyways, thanks for the update.

Thanks,
Prashanth 

-----Original Message-----
From: Simo Sorce [mailto:simo at redhat.com] 
Sent: Thursday, February 25, 2016 9:10 PM
To: Prashanth Marampally
Cc: Rick van Rein; kerberos at mit.edu
Subject: Re: Quick question related to Kerberos + AES256 + SHA2

Not that the Kitten WG is working on standardizing new enctypes for AES
+HMAC-SHA2, this is the latest draft:
https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09

Although it will take a while before all the most common implementations will have support for it, and it may never land on older OSs.

Simo.

On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote:
> Yep. Got it!
> 
> Thanks,
> Prashanth
> 
> -----Original Message-----
> From: Rick van Rein [mailto:rick at openfortress.nl]
> Sent: Thursday, February 25, 2016 7:50 PM
> To: Prashanth Marampally
> Cc: kerberos at mit.edu
> Subject: Re: Quick question related to Kerberos + AES256 + SHA2
> 
> OK,
> 
> Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger.  I didn't make that clear before.
> 
> -Rick
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


--
Simo Sorce * Red Hat, Inc * New York




More information about the Kerberos mailing list