Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 2113 From tytso@MIT.EDU Fri Nov 22 20:59:38 1996 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id UAA14612 for ; Fri, 22 Nov 1996 20:59:38 -0500 Received: from DCL.MIT.EDU by MIT.EDU with SMTP id AA03095; Fri, 22 Nov 96 20:59:37 EST Received: by dcl.MIT.EDU (5.x/4.7) id AA09688; Fri, 22 Nov 1996 20:59:37 -0500 Message-Id: <9611230159.AA09688@dcl.MIT.EDU> Date: Fri, 22 Nov 1996 20:59:37 -0500 From: tytso@MIT.EDU Reply-To: tytso@MIT.EDU To: krb5-bugs@MIT.EDU Subject: Triple-DES should be disabled X-Send-Pr-Version: 3.99 >Number: 231 >Category: krb5-libs >Synopsis: Triple-DES should be disabled >Confidential: no >Severity: serious >Priority: high >Responsible: krb5-unassigned >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Nov 22 21:00:01 EST 1996 >Last-Modified: Sat Nov 23 00:24:24 EST 1996 >Originator: Theodore Y. Ts'o >Organization: mit >Release: 1.0-development >Environment: System: SunOS dcl 5.4 Generic_101945-37 sun4m sparc >Description: Triple DES should be disabled for the 1.0 release, since the code we have is nothing like how it will be done for Real. In fact, we may not want to distribute the Triple DES directories. The same goes for the SHA hash algorithm, although I think that's much less likely to change.... >How-To-Repeat: >Fix: >Audit-Trail: From: Sam Hartman To: tytso@MIT.EDU Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-libs/231: Triple-DES should be disabled Date: 23 Nov 1996 00:10:53 -0500 I would object to pulling directories out this late, but if zeroing would be reasonable--in cryptoconf.c or something. State-Changed-From-To: open-closed State-Changed-By: tytso State-Changed-When: Sat Nov 23 00:20:18 1996 State-Changed-Why: I've removed removed the configuration options for 3DES, and removed the #defines which define the value in cryptoconf.c. Just to be sure, I've also changed cryptoconf.c to make sure that 3DES can't be used as well. >Unformatted: