AES support in Kerberos requires:
1) PBKDF2 function from PKCS #5 v2.0
2) AES in CBC-CTS mode.
Currently JCE does not support these algorithms.
I have added support for these algorithms in the Kerberos provider.
However, we should look into adding support for these algorithms
in JCE (for mustang).
Looking at PKCS #5 v2.0, some of the algorithms were added to
JCE in JDK1.4.0, as part of JSR 74 requirements. We should look
into all the other algorithms defined in PKCS #5 v2.0, and consider
adding complete support for PKCS #5 v2.0 in JCE.
Looking at mustang planning docs, JUXTA has also requested
support for PKCS #5 (v2.0 ?). We should find out the algorithms
they are interested in.
CTS mode is defined in RC5. But currently we do not support RC5 cipher.
Is this a popular algorithm used by other applications? Should we consider
to add support for RC5 cipher in JCE ?