directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Scott <>
Subject Kerberos Question
Date Thu, 13 Jul 2006 00:21:15 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000099">
Having started looking at the kerberos implementation (and wondering
where the best place is to begin to start sorting out what's what), I
actually started at one of the ends where I'm most comfortable -- the
crypto code.&nbsp; It appears that three algorithms are supported:&nbsp; DES,
TripleDES, and AES.&nbsp; TripleDES and AES are both fine, but support for
DES is being phased out by the entire known universe (as it well should
be.&nbsp; It had a predicted useful life of 20 years, and that was 30 years
ago -- and now some gameboys have sufficient processing power to mount
a serious attack on the keyspace!!)&nbsp; Anyway, MIT's kerberos is dropping
support, and NIST (US National Institute of Standards &amp; Technology
for anybody unfamiliar with the acronym) is effectively "de-certifying
it" by withdrawing the FIPS [standard] for it.&nbsp; <br>
So, my question (to whomever it should be addressed - and I have no
clue who has been working in this area!) is are there plans underway to
drop support for DES in this implementation as well?&nbsp;&nbsp; <br>
Who are the folks working on Kerberos?<br>

View raw message