Katrine Svendsen <[EMAIL PROTECTED]> writes: > I'm trying to find some details about the traffic encryption between an > AFS client and server (fs setcrypt on/off), but this seems to be very > difficult.I would like to know about such things as keylength, mode of > operation, key generation/distribution etc. Does anybody have a good > source for this?
AFS uses an encryption method called fcrypt, which is a modified DES. Google for fcrypt will return a lot of hits, although I don't know if any of them have detailed analyses. This encryption method is fairly obsolete at this point. > It also seems to me that not too much have happened in this field (when > considering AFS) the last years. Am I right when I think that the > network traffic-encryption in AFS is somewhat "ancient"? Why is there > not more focus on this? On the contrary, this is our top development priority apart from keeping things generally working, and is the focus of both the rxk5 and rxgk work. The difficulty is that replacing the encryption algorithm in AFS requires substantial protocol changes and ideally one wants to generalize the encryption layer and support all GSSAPI encryption types at the same time, as well as provide a framework for stronger authentication in general. Both rxk5 and rxgk have made substantial progress in the past year. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
