Eric Chris Garrison <[email protected]> writes: > Jeffrey Altman wrote:
>> The answer is right above. AES-256 is not DES-CBC-CRC > > I'm told by our ADS admin that DES3 isn't supported, That wouldn't help; AFS doesn't support DES3 anyway. > and DES-CBC-CRC is somewhat weak by modern standards. How concerned > should I be? About as concerned as everyone else running AFS. It's a known weakness, and there are various efforts underway to address it over time, such as the rxk5 work which is available on a branch for testing. There isn't any solution ready yet for production use. > Is there another option that's secure and supported in AD? No. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
