[3641] in Kerberos-V5-bugs

[krbdev.mit.edu #1253] Re: SAM uses RC4 insecurely

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Tue Nov 12 13:26:00 2002

Message-Id: <rt-1253-3683.11.6772085752287@krbdev.mit.edu>
In-Reply-To: <rt-1253@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Tue, 12 Nov 2002 13:24:58 -0500 (EST)


Well, there is a derive-key for rc4, but it only takes keyusage as
input, not a string.


Defining dk in terms of dr would work for rc4 if you had a reasonable
definition of dr, but you currently do not.

This is an issue both against the code and against your draft.  The
issue against your draft is best solved by including dr in the crypto
profile; the issue against the code is more complex as it requires us
to actually define dr for rc4.  One simple but kind of sucky
definition of dr might be md4.  A better definition would involve the
data-dependent key setup from the rest of the rc4 draft with the
confounder removed.

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
