-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeffrey Altman wrote: > Garrison, Eric C wrote: > >> 07/08/09 14:53:56 07/09/09 00:53:44 afs/[email protected] >> renew until 07/09/09 14:53:40, Etype (skey, tkt): AES-256 CTS mode >> with 96-bit >> SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC >> >> So what else should I look for in the token being bad in another way? > > The answer is right above. AES-256 is not DES-CBC-CRC
I'm told by our ADS admin that DES3 isn't supported, and DES-CBC-CRC is somewhat weak by modern standards. How concerned should I be? Is there another option that's secure and supported in AD? Thanks, Chris - -- Eric Chris Garrison | Principal Mass Storage Specialist [email protected] | Indiana University - Research Storage W: 317-278-1207 M: 317-250-8649 | Jabber IM: [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKVfSLG2WsK8XoJWURAkgCAJ9DnJH4qORTrcxVOiAcsoRE6x3cfgCcCnCq L8P+s07RQgt6qvU6+Bhes7o= =/Cv/ -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
