[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES or equivalent telnet encryption with kerberos
"Markus Moeller" <firstname.lastname@example.org> writes:
> I assume that this has been done in the past, but I haven't found
> any example.
I believe there are a couple of old drafts.
> But I found the below telnet client/server source from the srp
> project which has 3DES/CAST128 encryption and modified the
> kerberos5.c file to allow 3DES encryption.
All this seems to do, is use DES3/whatever in CFB-mode, and it's far
from clear that this gives you any better security than DES in
CFB-mode. There's a paper by Biham talking about this.
If you really want to do something with telnet, I think AES (not in
CFB-mode) is the way forward.