directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrique Rodriguez <enriqu...@gmail.com>
Subject Re: Kerberos Question
Date Thu, 13 Jul 2006 01:02:04 GMT
Richard Scott wrote:
...
> So, my question (to whomever it should be addressed - and I have no clue 
> who has been working in this area!) is are there plans underway to drop 
> support for DES in this implementation as well?

Hi, Richard,

We don't have any plans to drop support for DES.  Despite problems with 
DES, it is still widely used.  In fact, DES plays a key role in 
Microsoft environments, as the primary cipher for interoperability.  If 
you can point to some information where other distros are dropping DES, 
I'd love to read more.  I believe what you mean is that MIT Kerberos is 
dropping support for Version 4 of the Kerberos protocol.  From an MIT 
Kerberos announcement [1]:

"The Data Encryption Standard (DES) has reached the end of its useful
life.  DES is the only encryption algorithm supported by Kerberos 4,
and the increasingly obvious inadequacy of DES motivates the
retirement of the Kerberos 4 protocol."

We already don't support the Kerberos 4 protocol and because of its age, 
vulnerability, and lack of deployment, we had never planned on adding it.

> Who are the folks working on Kerberos?

It's good to have someone new looking at the Kerberos code.  I am 
intimately familiar with the Kerberos protocol-provider, so please let 
me know if you have any questions.

Enrique

[1] http://www.secure-endpoints.com/kfw/kfw-3-0-announce.txt

Mime
View raw message