aes128 vs aes256 ?
wyllys.ingersoll at sun.com
Fri Jan 23 15:26:20 EST 2004
Regarding 1.3.2-beta code -
Just curious, why was aes128-cts-hmac-sha1-96 left out of the
DEFAULT_ETYPE_LIST in init_ctx.c ?
I noticed this because I have a DB that I created which has
aes128 master keys, but was later changed to support aes256.
Now it issues 128bit TGTs but 256 bit service keys and
this caused a problem in the 'krb5_is_permitted_enctype'
checks in rd_req_dec.c.
req->ticket->enc_part.enctype = 18
req->ticket->enc_part2->session->enctype = 17
This causes a problem because aes128 (etype 17) is not part of the
default list and I did not specify the permitted enctypes in my
Wyllys Ingersoll <wyllys.ingersoll at sun.com>
More information about the krbdev