Given the standards-based nature of this weak crypto, I reluctantly give a +1. I will say I'm disappointed in the X.org committee for not allowing the AES to be specified, but I understand the reluctance to do so without a sample implementation.

----
XDM-AUTHORIZATION-1 implements a TDES [ FIPS 46-3 ] [1] based access control mechanism [ as per description above ]. Environments with more stringent security requirements may consider cryptologically stronger ciphers more appropriate.
----

The mode of the crypto algorithm isn't listed, so I assume this is ECB since there is no mention of space for an IV for it to be CBC mode (and given its age, CTR, CCM etc. didn't exist back then). So +1 for standards reasons only.

If I was to help provide said sample implementation using AES, what would it take to get the standard revised? I'd probably specify it as more than just AES ECB though, likely CCM. However, given better (non shared secret based) auth methods, it just might not be worth it.

-- Darren J Moffat