Kerberos encryption algorithms in FIPS 140-2 compliant mode.
Windows Vista/7/Server 2008/R2 support AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96for Kerberos in FIPS 140-2 compliant mode.However, AES-CTS itself is not listed in NIST FIPS140-2 approved algorithms.http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html#AESCould you let us know AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 are FIPS140-2 compliant or not ?If the answer is no, which encryption algorithms for Kerberos are available in FIPS140-2 compliant mode.Thanks.
February 4th, 2010 10:48am