[3985] in Kerberos
Re: Kerberos and DES
daemon@ATHENA.MIT.EDU (Donald Sharp)
Tue Oct 4 11:16:12 1994
Date: Tue, 4 Oct 94 10:28:27 EDT
From: cc32859@vantage.fmrco.com (Donald Sharp)
To: asmyth%warren.med.harvard.edu@stowe.fmrco.com
Cc: Kerberos%MIT.EDU@stowe.fmrco.com
Yes, you can use the DES algorithm without implementing Kerberos -
there is a DES implementation with the Kerberos distribution from MIT,
and I know of other implementations that are optimized for the 680x0
and 80x86 architectures.
without knowing anything about the purpose for which you are using
encryption it's hard to know whether DES by itself is too much, too
little, or just right. Let me just point out that beyond implementing
a message privacy mechanism (with DES) and a message tamper-proofing
mechanism (with MD4 or MD5) Kerberos provides a key management scheme.
If you're using raw DES you'll have to come up with some analogous
secure mechanism for choosing and distributing keys.
--------
Don Sharp cc32859@vantage.fmrco.com
Fidelity Investments (617) 570-3905
82 Devonshire St. A2A
Boston, MA 02109
