[EMAIL PROTECTED] (hot ice) writes:
>> From what I have digested so far about Kerberos - kerberos seems to
>> use DES. any specific reason for choosing DES? IMHO - there are
>> faster and m ore secure techniques out there - for instance
>> Blowfish.
In 1992, what would you have chosen?
DES is just the most common encryption type. In the mid-eighties,
when kerberos v4 development was happening, nobody even considered
another encryption type. In 1992 or so, when kerberos v5 development
started, it was clear that multiple encryption types were desirable,
but there weren't any other very practical choices. In the past
several years, MIT kerberos has gained support for triple des (3des),
although bugs in mixed-enctype environments are still being worked
out. Support for Rijndael (AES) should be easy to add, so I'd expect
to see that in the not-too-distant future, too.
Marc
