Hi Rick, Thank you so much for quick reply.
I'll go through it now. Thanks, Prashanth -----Original Message----- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Rick van Rein Sent: Thursday, February 25, 2016 7:33 PM To: kerberos@mit.edu Subject: Re: Quick question related to Kerberos + AES256 + SHA2 Hey, You cannot mix any set of algorithms you want, but you need a predefined encryption type. Compare it to TLS' ciphersuites if you like. ` The standardised list is available on http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml The closest to what you are asking is aes256-cts-hmac-sha1-96; it uses a SHA1 hash cut off to a 96 bit prefix as a MAC, if I remember correctly. Chase the link if you need more detail / certainty. As far as I know, MIT Kerberos will use this encryption type by default. Can't speak for Heimdal, Shishi or AD. -Rick ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
