|
Having started looking at the kerberos implementation (and wondering
where the best place is to begin to start sorting out what's what), I
actually started at one of the ends where I'm most comfortable -- the
crypto code. It appears that three algorithms are supported: DES,
TripleDES, and AES. TripleDES and AES are both fine, but support for
DES is being phased out by the entire known universe (as it well should
be. It had a predicted useful life of 20 years, and that was 30 years
ago -- and now some gameboys have sufficient processing power to mount
a serious attack on the keyspace!!) Anyway, MIT's kerberos is dropping
support, and NIST (US National Institute of Standards & Technology
for anybody unfamiliar with the acronym) is effectively "de-certifying
it" by withdrawing the FIPS [standard] for it. So, my question (to whomever it should be addressed - and I have no clue who has been working in this area!) is are there plans underway to drop support for DES in this implementation as well? Who are the folks working on Kerberos? Thanks, Richard |
- Kerberos Question Richard Scott
- Re: Kerberos Question Enrique Rodriguez
- Re: Kerberos Question Richard Scott
- Re: Kerberos Question Enrique Rodriguez
- Re: Kerberos Question Ersin Er
- Re: Kerberos Question Enrique Rodriguez
