On Wed, 30 Aug 2006, Rodney M Dyer wrote:
At 09:57 AM 8/30/2006, Jeffrey Altman wrote:
At the moment the requirement is that the service key and the session
key be limited to one of the single DES types. DES-CBC-CRC,
DES-CBC-MD5, DES-CBC-MD4.
In some future we will support stronger encryption types.
Exactly what does this "future" depend on:
* Simple developer time to implement?
Marcus Watts and Matt Benjamin are almost done with it.
* Encryption algorithm licensing?
No. We're using what krb5 does.
* Encryption algorithm development?
That would be foolish. Read about the history of PGP.
* Does the AFS codebase have a modular encryption scheme where a new
algorithm can simply be "plugged in"?
Sort of.
* Can you just simply use the prototype encryption algorithms from their
respective RFCs?
krb5 comes with a crypto library anyway...
* If you started today on a full time basis, how long do you think it would
it take to add AES for example?
Am I allowed access to other people's work completed so far?
* Would this also include the implementation time for "fs crypt"?
All fs crypt does is tweak a bit.
Derrick
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
