Adding supported enctypes to kdc - Kerberos
-
Adding supported enctypes to kdc
Our current supported enctypes are:
des3-hmac-sha1:normal, des-cbc-crc:normal, des-cbc-crc:v4, des-cbc-crc:afs3
I want to add rc4-hmac
So my question is will this disrupt anything? I have read that the
order matters where I put it in the file.
Do I need to rekey any principals with keepold? I don't intend to
remove any enctypes just add them.
Should I add anything else while I am at it? We are striving towards
Microsoft Compatibility.
Thanks
Steve Devine
MSU
-
Re: Adding supported enctypes to kdc
I would definitely add aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96,
as Microsoft is adding these to AD (and I prefer good encryption, not
really broken encryption)
as per:
http://blogs.technet.com/ad/archive/...-together.aspx
* Steve Devine [2007-11-16 15:05]:
> Our current supported enctypes are:
> des3-hmac-sha1:normal, des-cbc-crc:normal, des-cbc-crc:v4, des-cbc-crc:afs3
>
> I want to add rc4-hmac
> So my question is will this disrupt anything? I have read that the
> order matters where I put it in the file.
> Do I need to rekey any principals with keepold? I don't intend to
> remove any enctypes just add them.
>
> Should I add anything else while I am at it? We are striving towards
> Microsoft Compatibility.
>
> Thanks
> Steve Devine
> MSU
-
Re: Adding supported enctypes to kdc
John Washington writes:
> I would definitely add aes128-cts-hmac-sha1-96 and
> aes256-cts-hmac-sha1-96, as Microsoft is adding these to AD (and I
> prefer good encryption, not really broken encryption)
Is there any reason to add the 128-bit keys? So far, it seems like
everyone who can do 128-bit can also do 256-bit, but maybe that isn't true
of the upcoming Windows release? (They're both equally export-controlled,
so far as I know.)
--
Russ Allbery (rra@stanford.edu)
-
Re: Adding supported enctypes to kdc
On Fri, Nov 16, 2007 at 03:50:16PM -0800, Russ Allbery wrote:
> John Washington writes:
>
> > I would definitely add aes128-cts-hmac-sha1-96 and
> > aes256-cts-hmac-sha1-96, as Microsoft is adding these to AD (and I
> > prefer good encryption, not really broken encryption)
>
> Is there any reason to add the 128-bit keys? So far, it seems like
> everyone who can do 128-bit can also do 256-bit, but maybe that isn't true
> of the upcoming Windows release? (They're both equally export-controlled,
> so far as I know.)
It isn't true for Solaris 10 without the supplemental cryptography
packages -- I don't recall if this changed in S10U4 or will change in
U5, but we're definitely moving towards delivering 256-bit key length
support by default.
Nico
--
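An added worked example for the change discussed in this thread (not code from any poster or from MIT Kerberos itself): it takes the supported_enctypes value from the original post, puts the AES types recommended in the replies and rc4-hmac ahead of it without dropping any existing entry, and renders the kdc.conf line plus the kadmin change_password -keepold commands that give existing principals keys in the new types. The principal names are placeholders, and the script only manipulates strings; it never touches a KDC.

```python
"""Build an MIT kdc.conf supported_enctypes line with new enctypes added
ahead of the existing ones, and render the rekey commands for principals.

Added example for this thread; edits strings only, never a real KDC.
"""

# Value quoted in the original post: MIT "enctype:salttype" tokens.
CURRENT = "des3-hmac-sha1:normal, des-cbc-crc:normal, des-cbc-crc:v4, des-cbc-crc:afs3"

# What the replies recommend: AES first, then rc4-hmac for Windows interop.
TO_ADD = ["aes256-cts-hmac-sha1-96:normal",
          "aes128-cts-hmac-sha1-96:normal",
          "rc4-hmac:normal"]


def parse_enctypes(value: str) -> list[str]:
    """Split a supported_enctypes value into enctype:salttype tokens.
    MIT accepts whitespace or commas between tokens."""
    return [tok for tok in value.replace(",", " ").split() if tok]


def merge_enctypes(current: str, additions: list[str]) -> list[str]:
    """Place new tokens at the head (strongest first, as MIT's own default
    ordering does) and keep every existing token, so no principal loses a
    key type it already has. Tokens already present keep their position."""
    existing = parse_enctypes(current)
    merged: list[str] = []
    for tok in [a for a in additions if a not in existing] + existing:
        if tok not in merged:
            merged.append(tok)
    return merged


def render_kdc_conf_line(enctypes: list[str]) -> str:
    """The [realms] stanza line as kdc.conf expects it."""
    return "supported_enctypes = " + " ".join(enctypes)


def rekey_commands(principals: list[str]) -> list[str]:
    """kadmin.local invocations that generate fresh random keys in every
    configured enctype while keeping the old keys (-keepold), so tickets
    already issued against the old keys remain valid. Placeholder names."""
    return [f'kadmin.local -q "change_password -randkey -keepold {p}"'
            for p in principals]


if __name__ == "__main__":
    new = merge_enctypes(CURRENT, TO_ADD)
    print(render_kdc_conf_line(new))
    for cmd in rekey_commands(["host/kdc1.example.edu", "HTTP/www.example.edu"]):
        print(cmd)
```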