To: hartmans@MIT.EDU (Sam Hartman)
Cc: krb5-bugs@MIT.EDU
Subject: Re: SAM uses RC4 insecurely
In-Reply-To: Your message of "Fri, 08 Nov 2002 00:31:00 EST." <20021108053100.BEA3A152120@konishi-polis.mit.edu>
Date: Mon, 11 Nov 2002 23:47:40 -0500
From: Ken Hornstein
Message-Id: <200211120447.gAC4lfUs019903@ginger.cmf.nrl.navy.mil>

>Hi. The definition of dr in src/lib/crypto/combine_keys.c mishandles
>the rc4 enctype. In particular, it will encrypt the constant using
>rc4 directly in the long-term key. No cipher state is used for rc4,
>so the rc4 PRNG is always positioned at the same point in the cipher
>stream.
>[...]

I think maybe I'm just jet-lagged, or perhaps I'm missing something about
RC4 (I know it's a stream cipher, but not the details). But can you
elaborate on this statement?

>effectively for rc4 dr(k, c) is c^rc4(k).

Hm, I guess that after reading Brezak's draft, I see that there doesn't
seem to be a Derive-Key() for RC4 (not as I understand it).

--Ken
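An added illustration of the point quoted above, written for this page rather than taken from the krb5 tree or from either message: with no cipher state carried between calls, an RC4 "derivation" of a constant is just the constant XORed with the first keystream bytes for the long-term key, so anyone holding one derived key for a public constant recovers that keystream prefix and with it every other derived key of the same length. Function names and the sample key and constants are my own.

```python
# Plain textbook RC4 (KSA + PRGA), enough to model the quoted claim.
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes RC4 produces for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dr_rc4_stateless(k: bytes, c: bytes) -> bytes:
    """The derivation as described in the report: encrypt the constant c
    under k with RC4 restarted from scratch every call, i.e. c ^ rc4(k).
    This is the flawed behaviour, reproduced deliberately."""
    return xor_bytes(c, rc4_keystream(k, len(c)))


def recover_keystream(derived: bytes, public_constant: bytes) -> bytes:
    """Because the constant is public, derived ^ c gives back the keystream
    prefix that every other same-length derivation under k also uses."""
    return xor_bytes(derived, public_constant)


def derived_keys_are_xor_related(k: bytes, c1: bytes, c2: bytes) -> bool:
    """dr(k,c1) ^ dr(k,c2) == c1 ^ c2: the long-term key drops out entirely."""
    d1, d2 = dr_rc4_stateless(k, c1), dr_rc4_stateless(k, c2)
    return xor_bytes(d1, d2) == xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample values; a real deployment would use key-usage constants.
    k = b"long-term-key"
    c1, c2 = b"\x00\x00\x00\x01", b"\x00\x00\x00\x02"
    leaked = recover_keystream(dr_rc4_stateless(k, c1), c1)
    assert dr_rc4_stateless(k, c2) == xor_bytes(c2, leaked)
    print("second derived key computed without k:", leaked.hex())
```

The first assertion uses the standard RC4 test vector (key "Key", plaintext "Plaintext") to check the cipher model itself before the derivation property is exercised.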