[3639] in Kerberos-V5-bugs


[krbdev.mit.edu #1252] Re: SAM uses RC4 insecurely

daemon@ATHENA.MIT.EDU (kenh@cmf.nrl.navy.mil via RT)
Mon Nov 11 23:48:24 2002

Message-Id: <rt-1252-3681.17.0855693796598@krbdev.mit.edu>
In-Reply-To: <rt-1252@krbdev.mit.edu>
From: "kenh@cmf.nrl.navy.mil via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Mon, 11 Nov 2002 23:47:48 -0500 (EST)


>Hi.  The definition of dr in src/lib/crypto/combine_keys.c mishandles
>the rc4 enctype.  In particular, it will encrypt the constant using
>rc4 directly in the long-term key.  No cipher state is used for rc4,
>so the rc4 PRNG is always positioned at the same point in the cipher
>stream.
>[...]

I think maybe I'm just jet-lagged, or perhaps I'm missing something
about RC4 (I know it's a stream cipher, but not the details).  But
can you elaborate on this statement?

>effectively for rc4 dr(k, c) is c^rc4(k).

Hm, I guess that after reading Brezak's draft, I see that there doesn't
seem to be a Derive-Key() for RC4 (not as I understand it).

--Ken
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
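The collapse described in the quoted report, dr(k, c) = c ^ rc4(k) when no cipher state is carried between calls, can be checked with a small model. This is an added illustration, not code from the report or from the krb5 tree; the RC4 routine, the long-term key and the derivation constants below are all constructed here.

```python
# Toy model of a stateless RC4 "derive key" step, as described in the report.
# Not Kerberos code: the key and constants are constructed sample values.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream from a fresh state."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dr_stateless_rc4(key: bytes, constant: bytes) -> bytes:
    """The flawed derivation: the constant is encrypted with RC4 starting
    from a fresh cipher state every call, so the keystream never advances
    and the result is simply constant XOR the keystream prefix."""
    return xor_bytes(constant, rc4_keystream(key, len(constant)))


def long_term_key_cancels(key: bytes, c1: bytes, c2: bytes) -> bool:
    """Two keys derived from the same long-term key share one keystream
    prefix, so their XOR equals c1 XOR c2 and the key drops out entirely.
    This is why the derivation gives no independence between derived keys."""
    k1 = dr_stateless_rc4(key, c1)
    k2 = dr_stateless_rc4(key, c2)
    return xor_bytes(k1, k2) == xor_bytes(c1, c2)


# Constructed sample inputs (hypothetical, not values from the report).
LONG_TERM_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CONSTANT_A = b"\x00\x00\x00\x01\xaa"
CONSTANT_B = b"\x00\x00\x00\x02\x55"
```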