The NULL Encryption System

Nicolas Williams Nicolas.Williams at
Mon Mar 29 15:10:21 EST 2004

On Mon, Mar 29, 2004 at 02:57:57PM -0500, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:
>     Nicolas> Technically it was (and still is) used by some rfc1964
>     Nicolas> (krb5 gss mech) implementations for "encrypting" the
>     Nicolas> KRB-CRED encpart; other than this the null enctype has
>     Nicolas> not been used for anything else, nor should be.
> No, if they used the null enctype, then you'd get an EncryptedData
> with plaintext as ciphertext; you don't even get that.  You get the
> encrypted part of the krb_cred structure encoded directly in the place
> where you'd expect an EncryptedData.

My recollection of this is that at the first interim KRB WG meeting at
MIT Tom showed me the opposite, but I could be wrong.

More information about the krbdev mailing list