Heimdal-1.3 will deprecate DES

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Heimdal-1.3 will deprecate DES

Love Hörnquist Åstrand
Hello,

Heimdal-1.3 will deprecate DES

A long long time ago DES was standardized (1973, before I was born).  
Some 30 years later (2003) is was withdrawn as a standard by NIST,  
today 5 years later, its time for DES to finally die. Last year you  
could brute force DES in 6.4 days by buying a machine for $10000. So  
last year was the time for you to migrate to better encryption types  
for your Kerberos realm.

If you really are in love with DES and can't stand to be without it,  
now its the time to add "[libdefaults] allow_weak_crypto = true"to  
your configuration file so that your love wont die when you upgrade  
next time. If you want to check your configuration, the code is  
already commited to trunk in the source repro.

Application that will stop working are old Kerberos 4 tools and telnet/
telnetd.

Heimdal-1.3 will deprecate DES

Love

PS there is an exception for AFS to allow it still to use DES  
encryption types.
PSS Heimdal-1.3 will deprecate DES