Interoperability with Microsoft KDC using AES
Todd Stecher
tstecher at qwest.net
Tue May 29 17:35:42 EDT 2007
On May 29, 2007, at 2:21 PM, Ankur Upadhyaya wrote:
> Based on what I have read so far, I understand that only DES
> encryption
> can be used if client and server principals using MIT Kerberos 5
> are to
> interoperate with a Microsoft Windows Server 2000 or 2003 Active
> Directory
> KDC.
Correct.
>
> As of Windows Server 2008, however, Microsoft will support 256-bit AES
> encryption for its Kerberos implementation. Does anybody have any
> information on whether or not MIT Kerberos 5 principals will be
> able to
> interoperate with this Microsoft KDC using 256-bit AES encryption (or
> anything stronger than DES)?
If this didn't happen, someone at MS is asleep at the wheel (right
larry / JK?). In truth, when I left, AES interop was one of the top
priorities of the Windows team, and they've been contributing heavily
to the AES standard.
(In fact, support for an AES Kerberos client may already be in Vista.)
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
Thanks,
Todd
More information about the krbdev
mailing list