söndag 12 oktober 2008

DES will die in Heimdal 1.3

A long long time ago DES was standardized (1973, before I was born). Some 30 years later (2003) is was withdrawn as a standard by NIST, today 5 years later, its time for DES to finally die. Last year you could brute force DES in 6.4 days by buying a machine for $10000. So last year was the time for you to migrate to better encryption types for your Kerberos realm.

If you really are in love with DES and can't stand to be without it, now its the time to add "[libdefaults] allow_weak_crypto = true"to your configuration file so that your love wont die when you upgrade next time. If you want to check your configuration, the code is already commited to trunk in the source repro.

Application that will stop working are old Kerberos 4 tools and telnet/telnetd.

Heimdal-1.3 will deprecate DES

PS there is an exception for AFS to allow it still to use DES encryption types.

Inga kommentarer:

Skicka en kommentar