On 4/16/20 5:45 AM, Rick van Rein wrote: > No, that is not what we meant :) Is an updated version of KfW planned > anytime soon?
There is a beta release of KfW 4.2 based on 1.17, which has aes-sha2 support: http://web.mit.edu/kerberos/kfw-4.2/kfw-4.2.html When testing this beta release internally within MIT, we noticed some very superficial installer issues (a couple of unexpected prompts), and it's been hard to track those down and rectify them. That's why this hasn't progressed to the official release. I'm not aware of any other issues. > The underlying crypto is libk5crypto. We aim to shield the symmetric > cryptography from Quantum Computers, which explains the pressure on key > sizes (not even sure this is enough). Wouldn't you want an aes256 enctype in that case, instead of the aes128-sha2 enctype from the error message? _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev