[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES or equivalent telnet encryption with kerberos

To: "Markus Moeller" <markus_moeller@compuserve.com>
Subject: Re: 3DES or equivalent telnet encryption with kerberos
From: joda@pdc.kth.se (Johan Danielsson)
Date: 19 Sep 2003 13:54:14 +0200
Cc: <kerberos@mit.edu>, <heimdal-discuss@sics.se>
In-Reply-To: "Markus Moeller"'s message of "Thu, 18 Sep 2003 20:53:45 +0100"
References: <000c01c37e1e$920055c0$500e7ad5@home>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

"Markus Moeller" <markus_moeller@compuserve.com> writes:

> I assume that this has been done in the past, but I haven't found
> any example.

I believe there are a couple of old drafts.

> But I found the below telnet client/server source from the srp
> project which has 3DES/CAST128 encryption and modified the
> kerberos5.c file to allow 3DES encryption.

All this seems to do, is use DES3/whatever in CFB-mode, and it's far
from clear that this gives you any better security than DES in
CFB-mode. There's a paper by Biham talking about this.

If you really want to do something with telnet, I think AES (not in
CFB-mode) is the way forward.

/Johan

References:
- 3DES or equivalent telnet encryption with kerberos
  - From: "Markus Moeller" <markus_moeller@compuserve.com>

Prev by Date: Re: Incomplete documentation
Next by Date: Re: Incomplete documentation
Prev by thread: 3DES or equivalent telnet encryption with kerberos
Next by thread: heimdal + ipv6 problem
Index(es):
- Date
- Thread