[37428] in Kerberos
Re: Quick question related to Kerberos + AES256 + SHA2
daemon@ATHENA.MIT.EDU (Simo Sorce)
Thu Feb 25 10:40:05 2016
Message-ID: <1456414787.6599.296.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Prashanth Marampally <PMarampally@agiliance.com>
Date: Thu, 25 Feb 2016 10:39:47 -0500
In-Reply-To: <E8B88F60B13F8A45B352646B20CF85BC7E0E2479@mbx029-w1-ca-10.exch029.domain.local>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Not that the Kitten WG is working on standardizing new enctypes for AES
+HMAC-SHA2, this is the latest draft:
https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09
Although it will take a while before all the most common implementations
will have support for it, and it may never land on older OSs.
Simo.
On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote:
> Yep. Got it!
>
> Thanks,
> Prashanth
>
> -----Original Message-----
> From: Rick van Rein [mailto:rick@openfortress.nl]
> Sent: Thursday, February 25, 2016 7:50 PM
> To: Prashanth Marampally
> Cc: kerberos@mit.edu
> Subject: Re: Quick question related to Kerberos + AES256 + SHA2
>
> OK,
>
> Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I didn't make that clear before.
>
> -Rick
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
