[16092] in Kerberos_V5_Development
Re: Adding Fortuna as a new prng
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Fri Aug 20 12:37:09 2010
Date: Fri, 20 Aug 2010 11:36:14 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Sam Hartman <hartmans@mit.edu>
Message-ID: <20100820163614.GB17097@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <tsl4oeqd9mc.fsf@mit.edu>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, Aug 19, 2010 at 09:18:03AM -0400, Sam Hartman wrote:
> I kind of question the future plan. I consider myself a power user and
> couldn't imagine ever wanting to switch PRNGs. I think few Kerberos
> users want the complexity of PRNG selection. I've never had to select
> the PRNG I use for OpenSSL, Windows, ssh, NSS or the like. Why should I
> for Kerberos?
+1
(Well, I could see people switching crypto implementations because some
are faster than others in some cases, slower in others. For a while you
could do just that in some Solaris applications, including ssh. But for
the PRNG I agree that providing more run-time options is not a good
idea. Build-time options are OK, and maybe even desirable.)
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
