[OpenAFS] Supported enctypes in OpenAFS 1.4.x

Derrick J Brashear shadow@dementia.org
Wed, 30 Aug 2006 10:52:44 -0400 (EDT)


On Wed, 30 Aug 2006, Rodney M Dyer wrote:

> At 09:57 AM 8/30/2006, Jeffrey Altman wrote:
>> At the moment the requirement is that the service key and the session
>> key be limited to one of the single DES types.  DES-CBC-CRC,
>> DES-CBC-MD5, DES-CBC-MD4.
>> 
>> In some future we will support stronger encryption types.
>
> Exactly what does this "future" depend on:
>
> * Simple developer time to implement?

Marcus Watts and Matt Benjamin are almost done with it.

> * Encryption algorithm licensing?

No. We're using what krb5 does.

> * Encryption algorithm development?

That would be foolish. Read about the history of PGP.

> * Does the AFS codebase have a modular encryption scheme where a new 
> algorithm can simply be "plugged in"?

Sort of.

> * Can you just simply use the prototype encryption algorithms from their 
> respective RFCs?

krb5 comes with a crypto library anyway...

> * If you started today on a full time basis, how long do you think it would
> take to add AES for example?

Am I allowed access to other people's work completed so far?

> * Would this also include the implementation time for "fs crypt"?

All fs crypt does is tweak a bit.

Derrick