SMB3 encryption performance

Andrew Bartlett abartlet at samba.org
Sun Feb 15 19:11:26 MST 2015


On Sun, 2015-02-15 at 10:08 -0500, Simo wrote:
> As for the crypto in the Heimdal source, I would really like to avoid
> using it for non-KDC stuff. It causes issues for people that need to use
> the MIT code, and for TLS stuff I do not know that it has been vetted
> much by any third party or common use, and asymmetric crypto +
> certificate validation is much more complex than the usual symmetric
> crypto (read: we have no idea how good/safe it is).

It may take some time to get there, but I also agree, we should be using
an external lib for our crypto and random number needs.  I would like to
see us stop shipping copies of crypto libs copied out of Heimdal or
other places, and just use/depend on one external library, plus calls
into standard krb5 functions.  Modulo bugs, that really should cover all
the cases we need, and also allow us to stop pretending RC4 is a secure
RNG.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





