Projects/Disable DES
From K5Wiki
< Projects
Revision as of 20:54, 20 January 2009 by TomYu (talk | contribs) (New page: {{project-early}} This project will disable the single-DES encryption algorithms by default. A future (post-1.7) release will remove the code that supports single-DES. In order to make t...)
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
This project will disable the single-DES encryption algorithms by default. A future (post-1.7) release will remove the code that supports single-DES.
In order to make this more future-proof, the configuration of enctypes will be enhanced to allow for inclusions and exclusions, e.g.
permitted_enctypes = DEFAULT +des-cbc-crc
or
permitted_enctypes = DEFAULT -arcfour-hmac
where DEFAULT
designates the default set of enctypes.
Not included are facilities to enable or disable groups of enctypes, e.g. all DES-based enctypes. That will be a separate project.