Richard Scott wrote:
...
So, my question (to whomever it should be addressed - and I have no clue
who has been working in this area!) is are there plans underway to drop
support for DES in this implementation as well?
Hi, Richard,
We don't have any plans to drop support for DES. Despite problems with
DES, it is still widely used. In fact, DES plays a key role in
Microsoft environments, as the primary cipher for interoperability. If
you can point to some information where other distros are dropping DES,
I'd love to read more. I believe what you mean is that MIT Kerberos is
dropping support for Version 4 of the Kerberos protocol. From an MIT
Kerberos announcement [1]:
"The Data Encryption Standard (DES) has reached the end of its useful
life. DES is the only encryption algorithm supported by Kerberos 4,
and the increasingly obvious inadequacy of DES motivates the
retirement of the Kerberos 4 protocol."
We already don't support the Kerberos 4 protocol and because of its age,
vulnerability, and lack of deployment, we had never planned on adding it.
Who are the folks working on Kerberos?
It's good to have someone new looking at the Kerberos code. I am
intimately familiar with the Kerberos protocol-provider, so please let
me know if you have any questions.
Enrique
[1] http://www.secure-endpoints.com/kfw/kfw-3-0-announce.txt
