[37429] in Kerberos
RE: Quick question related to Kerberos + AES256 + SHA2
daemon@ATHENA.MIT.EDU (Prashanth Marampally)
Thu Feb 25 11:11:59 2016
From: Prashanth Marampally <PMarampally@agiliance.com>
To: Simo Sorce <simo@redhat.com>
Date: Thu, 25 Feb 2016 16:11:36 +0000
Message-ID: <E8B88F60B13F8A45B352646B20CF85BC7E0E2638@mbx029-w1-ca-10.exch029.domain.local>
In-Reply-To: <1456414787.6599.296.camel@redhat.com>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Simo,
Thanks for you reply and link.
Looks like draft expires on July 28, 2016.
Anyways, thanks for the update.
Thanks,
Prashanth
-----Original Message-----
From: Simo Sorce [mailto:simo@redhat.com]
Sent: Thursday, February 25, 2016 9:10 PM
To: Prashanth Marampally
Cc: Rick van Rein; kerberos@mit.edu
Subject: Re: Quick question related to Kerberos + AES256 + SHA2
Not that the Kitten WG is working on standardizing new enctypes for AES
+HMAC-SHA2, this is the latest draft:
https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09
Although it will take a while before all the most common implementations will have support for it, and it may never land on older OSs.
Simo.
On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote:
> Yep. Got it!
>
> Thanks,
> Prashanth
>
> -----Original Message-----
> From: Rick van Rein [mailto:rick@openfortress.nl]
> Sent: Thursday, February 25, 2016 7:50 PM
> To: Prashanth Marampally
> Cc: kerberos@mit.edu
> Subject: Re: Quick question related to Kerberos + AES256 + SHA2
>
> OK,
>
> Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I didn't make that clear before.
>
> -Rick
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
