
Re: AES keys?




"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> What should I put in the [kadmin] default_keys line to get AES keys generated?
>
> I'm guessing it's something like:
> 	default_keys = v4 . . . aes256_cts_hmac_sha1:pw-salt
>
> Also any comments on interoperability with implementations like
> Solaris 8 and Microsoft that don't support aes?  There are situations
> where I want to support full compatibility and use des-cbc-crc, and
> there are others where I need better security than that and must use
> aes256.  A given user may need to operate with both kinds of servers.

It's only in current Heimdal where we try to support AES. I've not run it in
a production system (i.e. other than just me on my laptop) with MS or Solaris,
but it seems to work mostly just fine (from a client side).

The salt string will be aes256-cts-hmac-sha1-96:pw-salt, and it's included
in the "v5" salts.

Love
