[1153] in Kerberos_V5_Development
Re: des-3 & SHA
daemon@ATHENA.MIT.EDU (Richard Basch)
Fri May 10 14:20:54 1996
Date: Fri, 10 May 1996 14:19:39 -0400
To: Sam Hartman <hartmans@MIT.EDU>
Cc: "Richard Basch" <basch@lehman.com>, krbdev@MIT.EDU
In-Reply-To: <tslohnwr3f8.fsf@tertius.mit.edu>
From: "Richard Basch" <basch@lehman.com>
As you guessed, there were some side-discussions.
des3-md5 isn't used by anyone, and has never been available; therefore,
we are just jumping ahead and reusing the enctypes for des3-sha.
des3-md5 isn't even in rfc1510... I am not proposing the removal of
either md4 or md5 from the tree, only that one undefined enctype.
(actually, the only person who is using des3-md5 is me, and I just need
to write a kdb convert utility to move away from it; except for K/M, the
only other des3 keys here are associated with two Kerberos administrators.)
sha is at least a NIST proposed/accepted standard (FIPS 180), and md5 is
not. md5 may not have been broken yet, but now I would say there are
some doubts as to how long it will last (doesn't this sound like des?);
that's the rationale for keeping des-md5 and des3-sha...
the prng is another issue where there may be further enhancements; I had
originally neglected to apply the wrapped cbc chaining (the s2key
function has it for the same reason, and that advice came from Uri).
--
Richard Basch
Sr. Developer/Analyst
Lehman Brothers, Inc.
101 Hudson St., 33rd Floor
Jersey City, NJ 07302-3988
URL: http://web.mit.edu/basch/www/home.html
Email: basch@lehman.com, basch@mit.edu
Fax: +1-201-524-5828
Voice: +1-201-524-5049