Greg Hudson <ghud...@mit.edu> writes: > On 5/18/19 10:49 PM, Dan Mahoney (Gushi) wrote: > >> q3: On the same note, what are others in the modern world moving to >> with this algo being deprecated? Is there a current recommendation? >> If one disables des3-cbc-sha1, what versions of kerberos are you >> effectively blackholing? > > Any Kerberos implementation from the last 15 or so years will support > the aes-sha1 enctypes, so aes256-cts-hmac-sha1-96 should interoperate > with everything you're likely to run into. des3-cbc-sha1 doesn't see > a lot of use because it was introduced not long before the aes-sha1 > enctypes, and because it was never implemented by Microsoft (only MIT > krb5 and Heimdal).
A breakdown of the why and what was conducted as part of rfc8429 (https://tools.ietf.org/html/rfc8429), which you may find helpful as well. >> (I have no idea about apple's internal processes, or what other >> vendors are following suit). > > I think Apple has traditionally been more aggressive than the rest of > the ecosystem, having completely removed single-DES support a while > ago and now warning about des3 and rc4. > > MIT krb5 is tentatively planning to remove single-DES support in 1.18 > and deprecate triple-DES. I believe Fedora plans to remove both > single-DES and triple-DES support in the next release. That's correct - I'm removing 3DES/1DES wholesale in Fedora 31. The change page for that is https://fedoraproject.org/wiki/Changes/krb5_crypto_modernization , but it's mostly a re-hash of what's been said above. Thanks, --Robbie
signature.asc
Description: PGP signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
