aes128 vs aes256 ?

Wyllys Ingersoll wyllys.ingersoll at
Mon Jan 26 12:52:06 EST 2004

On Mon, 2004-01-26 at 05:40, Sam Hartman wrote:
> I think out of a desire to make sure that people were implementing
> aes256 as that is the mandatory to implement enctype.
> Probably we should eventually change the code to allow aes128 by
> default.  Let us know if you need this to happen.

Its not critical to me since its easy enough to work around 
by setting the list in the krb5.conf file or fixing the 
code locally.

Although, supporting 128 bit by default might
be helpful for people with import/export restrictions 
since 128 is generally easier to get through than 256.


More information about the krbdev mailing list