Skip Menu |
 

Subject: Remove des3 and arcfour from supported_enctypes
The des3 and arcfour enctypes use weaker string-to-key algorithms than the AES enctypes.
Remove them from the default supported_enctypes setting to avoid generating password-
derived keys for them. This could cause compatibility problems with Windows XP and similar
vintage Windows platforms, but XP was recently completely desupported. We should document
these compatibility considerations with this change.
From: tlyu@mit.edu
Subject: git commit

Remove des3 and arcfour from supported_enctypes

The des3 and arcfour (rc4) enctypes use weak string-to-key algorithms,
and should not be used for producing password-derived keys.

https://github.com/krb5/krb5/commit/38a31852c3e58f6e2f6b3b035a87f817d1db5537
Author: Tom Yu <tlyu@mit.edu>
Commit: 38a31852c3e58f6e2f6b3b035a87f817d1db5537
Branch: master
src/include/osconf.hin | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)