[28645] in CVS-changelog-for-Kerberos-V5
krb5 commit: Remove des3 and arcfour from supported_enctypes
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Nov 5 18:52:57 2014
Date: Wed, 5 Nov 2014 18:52:52 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201411052352.sA5NqqIw029850@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/38a31852c3e58f6e2f6b3b035a87f817d1db5537
commit 38a31852c3e58f6e2f6b3b035a87f817d1db5537
Author: Tom Yu <tlyu@mit.edu>
Date: Wed Nov 5 14:10:35 2014 -0500
Remove des3 and arcfour from supported_enctypes
The des3 and arcfour (rc4) enctypes use weak string-to-key algorithms,
and should not be used for producing password-derived keys.
ticket: 7903
src/include/osconf.hin | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 6f28bc3..922d796 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -101,8 +101,7 @@
#define KRB5_DEFAULT_SUPPORTED_ENCTYPES \
"aes256-cts-hmac-sha1-96:normal " \
- "aes128-cts-hmac-sha1-96:normal " \
- "des3-cbc-sha1:normal arcfour-hmac-md5:normal"
+ "aes128-cts-hmac-sha1-96:normal"
#define MAX_DGRAM_SIZE 65536
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5