Review of http://k5wiki.kerberos.org/wiki/Projects/Disable_DES ending February 13, 2009
Tom Yu
tlyu at MIT.EDU
Wed Jan 28 21:16:18 EST 2009
Please review the project
http://k5wiki.kerberos.org/wiki/Projects/Disable_DES
The review period ends on February 13, 2009.
This project aims to disable single-DES cryptosystems by default. The
"allow_weak_crypto" libdefaults setting (which is compatible with
Heimdal) will override this disabling. Note that a more general means
of configuring enctypes, allowing for explicit inclusions and
exclusions, is out of scope for this project for time reasons but is
clearly a better way to accomplish this functionality.
An initial implementation is already committed to the trunk.
--
Tom Yu
Development Team Leader
MIT Kerberos Consortium
More information about the krbdev
mailing list