Marc Mutz wrote:
-- Start of PGP signed section.
> On Thursday 04 October 2001 16:42, William A.(Andy) Adamson wrote:
> <snip>
> > i need kernel crypto - each rpcsec_gss packet that arrives at the
> > NFSv4 client or server has to calculate a packet verifier (whether
> > privacy or integrity are used or not). for kerberos v5 which is the
> > first gss mechanism i'm implementing, the default method of
> > constructing and verifying the verifier is to first perform an md5
> > digest on the data, and then encrypt it using des in cbc mode.
>
> Is there really no other cipher option than DES? It's broken, you know.
> FreeSWAN is deliberately excluding it, even though it's part of the
> standard. I wouldn't support it in new projects.

I wouldn't dare to call DES broken. It is the most researched algorithm we have, with the only weakness of key size (which is cured by using 3DES).

Alex
--
Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling
I want to sail to the East, beyond Suez, where every evil is a good,
where the Ten Commandments are lacking, and one can drink to the bottom;

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/