[OpenAFS] scan client version

Christian Lists chanlists@googlemail.com
Tue, 6 Aug 2013 15:12:26 +0200


--047d7bdca46c2594d504e3472dc7
Content-Type: text/plain; charset=ISO-8859-1

All,

Thanks for all the useful input. I will look into what I can do on the
KDCs. Best,

Christian
Am 01.08.2013 21:01 schrieb "Jeffrey Hutzelman" <jhutz@cmu.edu>:

> On Thu, 2013-08-01 at 12:30 -0400, Jeffrey Altman wrote:
>
>
> > The rxkad-kdf change does not get rid of 1DES.  It simply permits the
> > afs cell key to be a non-1DES key.  All wire encryption and the actual
> > rxkad challenge/response is still performed using 1DES.
>
> Actually, that's not strictly true.  Using rxkad-kdf effectively does
> eliminate use of DES.  As always, wire encryption and challenge/response
> are performed using fcrypt, not DES.  Not that this should make anyone
> feel better...
>
> -- Jeff
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

--047d7bdca46c2594d504e3472dc7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">All,</p>
<p dir=3D"ltr">Thanks for all the useful input. I will look into what I can=
 do on the KDCs. Best,</p>
<p dir=3D"ltr">Christian</p>
<div class=3D"gmail_quote">Am 01.08.2013 21:01 schrieb &quot;Jeffrey Hutzel=
man&quot; &lt;<a href=3D"mailto:jhutz@cmu.edu">jhutz@cmu.edu</a>&gt;:<br ty=
pe=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, 2013-08-01 at 12:30 -0400, Jeffrey Altman wrote:<br>
<br>
<br>
&gt; The rxkad-kdf change does not get rid of 1DES. =A0It simply permits th=
e<br>
&gt; afs cell key to be a non-1DES key. =A0All wire encryption and the actu=
al<br>
&gt; rxkad challenge/response is still performed using 1DES.<br>
<br>
Actually, that&#39;s not strictly true. =A0Using rxkad-kdf effectively does=
<br>
eliminate use of DES. =A0As always, wire encryption and challenge/response<=
br>
are performed using fcrypt, not DES. =A0Not that this should make anyone<br=
>
feel better...<br>
<br>
-- Jeff<br>
<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
<a href=3D"mailto:OpenAFS-info@openafs.org">OpenAFS-info@openafs.org</a><br=
>
<a href=3D"https://lists.openafs.org/mailman/listinfo/openafs-info" target=
=3D"_blank">https://lists.openafs.org/mailman/listinfo/openafs-info</a><br>
</blockquote></div>

--047d7bdca46c2594d504e3472dc7--