>>>>> "Kent" == <[EMAIL PROTECTED]> writes:
Kent> Hi, In the kerberos authentication process, it does
Kent> encryption a lot to guarantee the security. Hoever from the
Kent> materials I read it seems it's using DES encryption method
Kent> behind it which is not considered safe anymore, so are we
Kent> going to use a more advanced algorithm or we've done that
Kent> already?
All of the modern Kerberos implementations support things stronger than DES:
* MIT supports 3DES, AES and RC4
* Heimdal supports 3DES, [AES] and RC4
* Microsoft supports RC4
* Cibersafe supports a 3DES incompatible with the rest of the world
I'm not sure if the Heimdal AES support is in the 0.6 release or just
on the mainline. Note that all the AES support is slightly incomplete
particularlyl dealing with GSSAPI. Active efforts are trying to fix
this.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
