From: Sam Hartman
To: Ken Hornstein
Cc: krb5-bugs@mit.edu
Subject: Re: SAM uses RC4 insecurely
Date: Tue, 12 Nov 2002 13:24:50 -0500
References: <200211120447.gAC4lfUs019903@ginger.cmf.nrl.navy.mil>
In-Reply-To: <200211120447.gAC4lfUs019903@ginger.cmf.nrl.navy.mil> (Ken Hornstein's message of "Mon, 11 Nov 2002 23:47:40 -0500")
Message-Id:

Well, there is a derive-key for rc4, but it only takes keyusage as input, not a string. Defining dk in terms of dr would work for rc4 if you had a reasonable definition of dr, but you currently do not.

This is an issue both against the code and against your draft. The issue against your draft is best solved by including dr in the crypto profile; the issue against the code is more complex as it requires us to actually define dr for rc4.

One simple but kind of sucky definition of dr might be md4. A better definition would involve the data-dependent key setup from the rest of the rc4 draft with the confounder removed.
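To make concrete what the message means by a derive-key that "only takes keyusage as input" and by the draft's "data-dependent key setup", here is an added illustration (not code from this thread or from MIT krb5) of the RC4-HMAC scheme as later published in RFC 4757: the per-usage key is an HMAC-MD5 over the 4-byte little-endian key usage and nothing else, and the per-message key is then derived from a checksum over confounder plus data. The usage translation table is assumed to match MIT's arcfour code.

```python
import hmac
from hashlib import md5

# Kerberos key-usage numbers that RC4-HMAC remaps before derivation
# (assumption: same table as MIT krb5's arcfour usage translation).
_USAGE_MAP = {3: 8, 9: 8, 23: 13}


def derive_key(base_key: bytes, usage: int) -> bytes:
    """RC4-HMAC 'derive key': K1 = HMAC-MD5(K, usage as 4-byte little-endian).

    Note the only input besides the base key is the integer usage; there is
    no string argument, which is the gap the message points out.
    """
    t = _USAGE_MAP.get(usage, usage).to_bytes(4, "little")
    return hmac.new(base_key, t, md5).digest()


def message_key(k1: bytes, confounder: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Data-dependent key setup from the same draft.

    checksum = HMAC-MD5(K1, confounder || data)
    K3       = HMAC-MD5(K1, checksum)      # the key actually fed to RC4
    Returns (checksum, K3).  Dropping the confounder from the checksum input
    is the variant the message suggests as a basis for a string-keyed dr.
    """
    checksum = hmac.new(k1, confounder + plaintext, md5).digest()
    k3 = hmac.new(k1, checksum, md5).digest()
    return checksum, k3


if __name__ == "__main__":
    # Constructed sample values; not real Kerberos keys.
    base = bytes(range(16))
    k1 = derive_key(base, 2)
    checksum, k3 = message_key(k1, b"\x00" * 8, b"constructed plaintext")
    print("K1 =", k1.hex())
    print("K3 =", k3.hex())
```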