aes-sha2 in default etype list now?

Greg Hudson ghudson at mit.edu
Wed Jun 21 13:13:38 EDT 2017


On 06/21/2017 11:11 AM, Weijun Wang wrote:
> But the doc at https://github.com/krb5/krb5/blob/master/doc/conf.py#L275 
> shows:
> 
> .. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 
> aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 
> camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 
> des-cbc-md4``

That's an oversight; I have filed a PR to update it.

> Are aes128-sha2 and aes256-sha2 default etypes?

They are permitted by default, though not in the default list of
key/salt types for generating new keys.

