Not that the Kitten WG is working on standardizing new enctypes for AES +HMAC-SHA2, this is the latest draft: https://tools.ietf.org/html/draft-ietf-kitten-aes-cts-hmac-sha2-09
Although it will take a while before all the most common implementations will have support for it, and it may never land on older OSs. Simo. On Thu, 2016-02-25 at 14:22 +0000, Prashanth Marampally wrote: > Yep. Got it! > > Thanks, > Prashanth > > -----Original Message----- > From: Rick van Rein [mailto:r...@openfortress.nl] > Sent: Thursday, February 25, 2016 7:50 PM > To: Prashanth Marampally > Cc: kerberos@mit.edu > Subject: Re: Quick question related to Kerberos + AES256 + SHA2 > > OK, > > Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I > didn't make that clear before. > > -Rick > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos -- Simo Sorce * Red Hat, Inc * New York ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
