Why the auxiliary cipher in gss_krb5_crypto.c?
David Howells
dhowells at redhat.com
Fri Dec 4 11:01:53 EST 2020
Bruce Fields <bfields at fieldses.org> wrote:
> > Reading up on CTS, I'm guessing the reason it's like this is that CTS is the
> > same as the non-CTS, except for the last two blocks, but the non-CTS one is
> > more efficient.
>
> CTS is cipher-text stealing, isn't it? I think it was Kevin Coffman
> that did that, and I don't remember the history. I thought it was
> required by some spec or peer implementation (maybe Windows?) but I
> really don't remember. It may predate git. I'll dig around and see
> what I can find.
rfc3961 and rfc3962 specify CTS-CBC with AES.
David
More information about the linux-afs
mailing list