[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES or equivalent telnet encryption with kerberos



"Markus Moeller" <markus_moeller@compuserve.com> writes:

> I assume that this has been done in the past, but I haven't found
> any example.

I believe there are a couple of old drafts.

> But I found the below telnet client/server source from the srp
> project which has 3DES/CAST128 encryption and modified the
> kerberos5.c file to allow 3DES encryption.

All this seems to do, is use DES3/whatever in CFB-mode, and it's far
from clear that this gives you any better security than DES in
CFB-mode. There's a paper by Biham talking about this.

If you really want to do something with telnet, I think AES (not in
CFB-mode) is the way forward.

/Johan